14 matches found
Updated xrdp packages fix security vulnerability
The updated packages fix a security vulnerability Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a...
CVE-2023-42822
xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...
CVE-2023-42822
xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...
CVE-2023-42822 Unchecked access to font glyph info in xrdp
xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...
xrdp -- unchecked access to font glyph info
xrdp team reports: Access to the font glyphs in xrdppainter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On...
Vyper's `_abi_decode` input not validated in complex expressions
Impact abidecode does not validate input when it is nested in an expression. the following example gets correctly validated bounds checked: vyper x: int128 = abidecodeslicemsg.data, 4, 32, int128 however, the following example is not bounds checked vyper @external def abidecodex: uint256 - uint25...
GHSA-5X36-7567-3CW6 partial_sort contains Out-of-bounds Read in release mode
Affected versions of this crate were using a debug assertion to validate the last parameter of partialsort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...
Possible out-of-bounds read in release mode
Affected versions of this crate were using a debug assertion to validate the last parameter of partialsort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...
RUSTSEC-2023-0016 Possible out-of-bounds read in release mode
Affected versions of this crate were using a debug assertion to validate the last parameter of partialsort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...
OracleVM 3.2 : xen (OVMSA-2017-0159)
The remote OracleVM system is missing necessary patches to address critical security updates : - The code of OVM3.2.9 is quite old, there is no getpage/putpage pair to protect the ownership and references of page table page which is mapped in emulatemapdest. This patch fix it by adding getpage in...
Design/Logic Flaw
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of...
CVE-2016-7381
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of...
Comodo AntiVirus - Heap Overflow in LZX Decompression
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=737 LzxDecoder::init initializes the vector LzxDecoder-window to a fixed size of 2^method bytes, which is then used during LzxDecoder::Extract. It's possible for LZX compressed streams to exceed this size. Writes to the window buff...
USN-693-1: LittleCMS vulnerability
It was discovered that certain gamma operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing a malicious image, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrar...