CVE-2020-13987

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upperlayerchksum in net/ipv4/uip.c...

Contiki-NG 输入验证错误漏洞

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. An infinite loop vulnerability exists in the processing of IPv6 extended headers in exthdroptionsprocess in net/ipv6/uip6.c in the uIP TCP/IP stack component in Contiki 3.0 and...

The vulnerability of Moxa EDR-G902 and EDR-G903 microcontroller-based software, related to buffer overflow in the stack, allows attackers to compromise the confidentiality, integrity, or accessibility of the protected information.

The vulnerability of the microprogramming software of Moxa EDR-G902 and EDR-G903 is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, or accessibility of the protected information...

Treck TCP/IP Stack Input Validation Error Vulnerability

Treck TCP/IP is a suite of TCP Transmission Control Protocol/IP Internet Interconnection Protocol from Treck, Inc. dedicated to embedded systems. An input validation error vulnerability exists in the Treck TCP/IP stack. The vulnerability originates from a network system or product that does not...

DEBIAN-CVE-2019-15691

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack...

CVE-2019-10269

BWA aka Burrow-Wheeler Aligner before 2019-01-23 has a stack-based buffer overflow in the bnsrestore function in bntseq.c via a long sequence name in a .alt file...

The vulnerability of the network stack implementation in Cisco NX-OSS devices allows a hacker to induce a service failure.

The vulnerability of the network stack implementation in Cisco NX-OSS devices relates to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVE-2018-20679

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components consumed by the DHCP server, client, and relay allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcpgetoption in...

CVE-2018-6922

creationtimestamp| type| source ---|---|--- 2018-12-31 08:32:57+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/tcp-pinojen-haavoittuvuus...

CVE-2018-19974

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack not the YARA virtual stack...

DEBIAN-CVE-2018-18700

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions dname, dencoding, and dlocalname in cp-demangle.c. Remote attackers could leverage this vulnerability to...

DEBIAN-CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

UBUNTU-CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

The vulnerability of the Qualcomm Data Network Stack & Connectivity component of the Android operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Qualcomm Data Network Stack & Connectivity component of the Android operating system relates to the use of memory after it is freed during event processing by the DPM framework. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality,...

oniguruma: Out-of-bounds stack read in match_at() during regular expression searching

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in matchat during regular expression searching. A logical error involving order of validation and access in matchat could result in an...

SUSE-SU-2017:2780-1 Security update for Linux Kernel Live Patch 21 for SLE 12

This update for the Linux Kernel 3.12.61-5272 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial o...

SUSE-SU-2017:2769-1 Security update for Linux Kernel Live Patch 20 for SLE 12

This update for the Linux Kernel 3.12.61-5269 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial o...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds. A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infini...

CVE-2017-1000376

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi...

PT-2017-19106 · Gnu +1 · Gnuplot +1

Name of the Vulnerable Software and Affected Versions: gnuplot version 5.2.rc1 Description: The issue is related to an uninitialized stack variable vulnerability in the load tic series function in set.c. This vulnerability can be exploited when a victim opens a specially crafted file, potentially...