PT-2023-12966 · Intel · Intel Server Boards

Name of the Vulnerable Software and Affected Versions: IntelR Server Board BIOS firmware affected versions not specified Description: The issue is related to improper buffer restrictions in the BIOS firmware, which may allow a privileged user to potentially enable escalation of privilege via loca...

Information disclosure

Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution...

CVE-2023-32270

Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution...

PT-2023-14039 · Intel · Intel Qat Driver For Linux

Name of the Vulnerable Software and Affected Versions: Intel QAT Driver for Linux versions prior to 1.7.l.4.12 Description: The issue is related to improper buffer restriction in the software, which may allow an authenticated user to potentially enable denial of service via local access...

SUSE CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

The vulnerability of the jsonrpc microprogramming system used in D-Link DIR-825 routers allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the jsonrpc microprogramming system used in D-Link DIR-825 routers lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures...

Mozilla: Symlinks may resolve to partially uninitialized buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...

Mozilla: Symlinks may resolve to partially uninitialized buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...

NonCustodialPSM.mint and redeem using mint control buffer in the inverted way

Lines of code Vulnerability details Impact Now there is no control of VOLT's issuance. For example, super fast VOLT mining is allowed, while mint control buffer will sit capped at its bufferCap, not affecting anything. This way mint speed control is disabled. The issue is that NonCustodialPSM.min...

CLSA-2022-1646915699 Fix CVE(s): CVE-2022-0729, CVE-2022-0572, CVE-2022-0685, CVE-2022-0554

SECURITY UPDATE: May end up with no current buffer - debian/patches/CVE-2022-0554.patch: When deleting the current buffer to not pick a quickfix buffer as the new current buffer - CVE-2022-0554 SECURITY UPDATE: Crash when repeatedly using :retab - debian/patches/CVE-2022-0572.patch: Bail out when...

CLSA-2022-1646915634 Fixed CVEs in vim: CVE-2022-0729, CVE-2022-0572, CVE-2022-0554, CVE-2022-0685

CVE-2022-0554: fix ending up with no current buffer - CVE-2022-0572: fix crashing when repeatedly using :retab - CVE-2022-0685: fix crashing when using special multi-byte character - CVE-2022-0729: fix crashing with specific regexp pattern and string...

The vulnerability of the win_lbr_chartabsize() function in the Vim text editor, which allows a hacker to cause a service failure

The vulnerability of the winlbrchartabsize function in the Vim text editor is related to the occurrence of an operation outside the buffer during the use of the “vartabstop” value. Exploiting this vulnerability can allow a hacker to cause a service failure using a specially created file...

Design/Logic Flaw

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

DEBIAN-CVE-2020-4067

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client an attacker could use their connection to intelligently query coturn to get interesting bytes in the...

The vulnerability of the oemcmd_handler function in the Android operating system’s WLAN component from the CAF repository allows a hacker to disclose protected information.

The vulnerability of the oemcmdhandler function in the Android operating system’s WLAN component from the CAF repository is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information using a...

CVE-2017-8257

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sderotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use...