4213 matches found

Xen Project
added 2023/08/08 5:0 p.m. · 40 views

Linux: buffer overrun in netback due to unusual packet

ISSUE DESCRIPTION: The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split...

CVSS 7.8 · AI score 7.3 · EPSS 0.00296
Exploits: 0
OSV
added 2023/08/08 10:15 a.m. · 2 views

CVE-2023-39181

A vulnerability has been identified in Solid Edge SE2023 All versions V223.0 Update 7. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the curren...

CVSS 7.8 · AI score 6.1 · EPSS 0.00207
Exploits: 0 · References: 1
OSV
added 2023/08/08 10:15 a.m. · 5 views

CVE-2023-38679

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0008, Tecnomatix Plant Simulation V2302 All versions V2302.0002. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. Thi...

CVSS 7.8 · AI score 7.4 · EPSS 0.00222
Exploits: 0 · References: 1
BDU FSTEC
added 2023/08/08 12:0 a.m. · 6 views

The vulnerability of the CmpTraceMgr component in CODESYS and Schneider Electric software products allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the CmpTraceMgr component in CODESYS and Schneider Electric software products relates to the ability to write data beyond the buffer boundaries into memory. Exploiting this vulnerability could allow a remote attacker to cause service interruptions or execute arbitrary code...

CVSS 9 · AI score 8.4 · EPSS 0.01334
Exploits: 0 · References: 4 · Affected Software: 17
BDU FSTEC
added 2023/08/08 12:0 a.m. · 4 views

The vulnerability of the CmpTraceMgr component in CODESYS and Schneider Electric software products allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the CmpTraceMgr component in CODESYS and Schneider Electric software products relates to the ability to write data beyond the buffer boundaries into memory. Exploiting this vulnerability could allow a remote attacker to cause service interruptions or execute arbitrary code...

CVSS 9 · AI score 8.4 · EPSS 0.01333
Exploits: 0 · References: 4 · Affected Software: 17
BDU FSTEC
added 2023/08/08 12:0 a.m. · 5 views

The vulnerability of the CmpTraceMgr component in CODESYS and Schneider Electric software products allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the CmpTraceMgr component in CODESYS and Schneider Electric software products relates to the ability to write data beyond the buffer boundaries into memory. Exploiting this vulnerability could allow a remote attacker to cause service interruptions or execute arbitrary code...

CVSS 9 · AI score 8.4 · EPSS 0.01334
Exploits: 0 · References: 4 · Affected Software: 17
Positive Technologies
added 2023/08/08 12:0 a.m. · 7 views

PT-2023-4315 · Linux +6

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified
Description: The issue is related to the Linux netback driver, which was modified to handle a frontend splitting a packet in a way that not all headers come in one piece. However, the introduced logic did...

CVSS 9.8 · AI score 6.9 · EPSS 0.54577
Exploits: 28 · References: 819
BDU FSTEC
added 2023/08/07 12:0 a.m. · 4 views

The vulnerability of the MacOS operating system’s kernel allows a hacker to gain unauthorized access to protected information.

The vulnerability of the MacOS operating system’s kernel is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

CVSS 10 · AI score 8.2 · EPSS 0.02059
Exploits: 0 · References: 4 · Affected Software: 2
BDU FSTEC
added 2023/08/07 12:0 a.m. · 5 views

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to state management errors caused by excessive amounts of cookies in the document.cookie file. Exploiting these vulnerabilities can allow an attacker to influence the integrity of protected informati...

CVSS 7.6 · AI score 7.8 · EPSS 0.00849
Exploits: 0 · References: 18 · Affected Software: 7
BDU FSTEC
added 2023/08/02 12:0 a.m. · 6 views

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation, related to the execution of operations beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation lies in the execution of operations beyond the buffer boundaries in memory when processing STP files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.9 · EPSS 0.00213
Exploits: 0 · References: 3 · Affected Software: 1
OpenVAS
added 2023/07/31 12:0 a.m. · 8 views

Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2023-2458)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.4 · AI score 6.9 · EPSS 0.00519
Exploits: 1 · References: 2
OpenVAS
added 2023/07/31 12:0 a.m. · 12 views

Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2023-2483)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.4 · AI score 6.9 · EPSS 0.00519
Exploits: 1 · References: 2
Tenable Nessus
added 2023/07/28 12:0 a.m. · 12 views

EulerOS Virtualization 2.10.1 : tpm2-tss (EulerOS-SA-2023-2458)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Sta...

CVSS 6.4 · AI score 7.5 · EPSS 0.00519
Exploits: 1 · References: 2
BDU FSTEC
added 2023/07/26 12:0 a.m. · 5 views

The vulnerability of the FvDesigner software for creating operator panels, related to the execution of operations outside the buffer boundaries in memory, allows a hacker to execute arbitrary code on the target system.

The vulnerability of the FvDesigner software for creating operator panels is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...

CVSS 7.8 · AI score 8.1 · EPSS 0.004
Exploits: 0 · References: 4
BDU FSTEC
added 2023/07/26 12:0 a.m. · 8 views

The vulnerability of the FvDesigner software for creating operator panels, related to the execution of operations outside the buffer boundaries in memory, allows a hacker to execute arbitrary code on the target system.

The vulnerability of the FvDesigner software for creating operator panels is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...

CVSS 7.8 · AI score 8.1 · EPSS 0.00394
Exploits: 0 · References: 5
BDU FSTEC
added 2023/07/26 12:0 a.m. · 5 views

The vulnerability of the CGI microprogramming interface of Zyxel NR7101 allows a hacker to induce a service failure.

The vulnerability of the CGI microprogramming interface of Zyxel NR7101 routers lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 6.8 · AI score 7.3 · EPSS 0.01016
Exploits: 0 · References: 4
BDU FSTEC
added 2023/07/26 12:0 a.m. · 3 views

The vulnerability of the gena.cgi component of D-Link DIR-600 B5 router software allows for an increase in privileges and the execution of arbitrary commands.

The vulnerability of the gena.cgi component of D-Link DIR-600 B5 router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary commands...

CVSS 10 · AI score 7.7 · EPSS 0.01531
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2023/07/26 12:0 a.m. · 5 views

The vulnerability of the Mozilla Firefox browser, related to the execution of operations beyond the buffer in memory, allows an attacker to execute arbitrary code.

The vulnerability of the Mozilla Firefox browser is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.3 · EPSS 0.00533
Exploits: 0 · References: 8 · Affected Software: 15
Tenable Nessus
added 2023/07/26 12:0 a.m. · 17 views

EulerOS Virtualization 3.0.6.6 : tpm2-tss (EulerOS-SA-2023-2441)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Sta...

CVSS 6.4 · AI score 7.5 · EPSS 0.00519
Exploits: 1 · References: 2
OpenVAS
added 2023/07/25 12:0 a.m. · 8 views

Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2023-2441)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.4 · AI score 6.9 · EPSS 0.00519
Exploits: 1 · References: 2