CVE-2022-25819

CVE-2022-25819 is an OOB read vulnerability in the hdcp2 device node prior to Samsung SMR Mar-2022 Release 1, allowing an attacker to view kernel stack memory. Affected component: hdcp2 device node; root cause: out-of-bounds read. Impact: potential kernel memory exposure. Remediation: Samsung pro...

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psafwuwrite caller from SPE or NSPE can overwrite stack memory locations...

Buffer overflow

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psafwuwrite caller from SPE or NSPE can overwrite stack memory locations...

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psafwuwrite caller from SPE or NSPE can overwrite stack memory locations...

Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity is affected by an OpenSSL vulnerabilitiy (CVE-2018-0739)

Summary An OpenSSL vulnerability was disclosed March 2018 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of...

Mageia: Security Advisory (MGASA-2017-0003)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2020-0205)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2017-0094)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2015-0038)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-46195

A flaw was discovered in the GNU libiberty library within the demanglepath function in rust-demangle.c, as distributed in the GNU Compiler Collection GCC. This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash...

Real-Time Innovations Connext Dds多款产品缓冲区错误漏洞

Real-Time Innovations Connext Dds Professional and Connext Dds Secure are both products of Real-Time Innovations, Inc. Connext Dds Professional is a software framework designed to meet the demanding connectivity requirements of autonomous systems. Connext Dds Secure is a trusted software...

EulerOS 2.0 SP5 : exiv2 (EulerOS-SA-2021-2495)

According to the versions of the exiv2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialize...

Stack-based Buffer Overflow in gwsw/less

Description The less utility is a pager used by many applications and setups. One such setup is access to log files. If permissions are not sufficient for regular users, less can be called with sudo. LESSSECURE=1 can be set to disable many dangerous operations which a regular user should not be...

OracleVM 3.4 : kernel-uek (OVMSA-2021-0030)

The remote OracleVM system is missing necessary patches to address security updates: - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User...

Buffer overflow and format vulnerabilities in ncurses

ncurses exposes functions from the ncurses library which: Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. instr, mvwinstr, etc Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a format...

Information Disclosure

Linux is vulnerability information disclosure. The vulnerability exists due to uninitialized data structure from the kernel stack memory...

openSUSE 15 Security Update : libu2f-host (openSUSE-SU-2021:1755-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1755-1 advisory. - Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An...

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2321-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2321-1 advisory. - An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrmstatefini...

SUSE-SU-2021:2324-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory and therefore, of all physical memory via a...

FreeBSD : Exiv2 -- Multiple vulnerabilities (d49f86ab-d9c7-11eb-a200-00155d01f201)

Exiv2 teams reports : Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of serivce. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to...