CVE-2022-28301

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

SUSE-SU-2023:1688-1 Security update for zstd

This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c bsc1209533...

Rocky Linux 9 : openssl (RLSA-2023:0946)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0946 advisory. - A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after...

Fedora 36 : mingw-zstd (2023-af177441a9)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-af177441a9 advisory. Update to zstd-1.5.4, fixes CVE-2022.4899. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CBL Mariner 2.0 Security Update: rsyslog (CVE-2022-24903)

The version of rsyslog installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24903 advisory. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap...

The vulnerability of the GPU Video component in the Google Chrome browser allows a hacker to gain unauthorized access to protected information.

The vulnerability of the GPU Video component in the Google Chrome browser is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a...

The vulnerability of the fdctrl_transfer_handler() function in the hw/block/fdc.c component of the QEMU hardware emulation software allows a attacker to access confidential data and also trigger a service failure.

The vulnerability of the fdctrltransferhandler function in the hw/block/fdc.c component of the QEMU hardware emulation software is related to the issue of operations going beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to access confidential data and...

The vulnerability of the read_samples function in the hcom.c component of the SoX sound processing software allows a hacker to cause a service failure.

The vulnerability of the readsamples function in the SoX sound processing component’s hcom.c file relates to reading data from within acceptable buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using a specially created hcom file...

The vulnerability of the `put_epel_hv_fallback` function in the `fallback-motion.cc` component of the h.265 Libde265 codec implementation allows a perpetrator to trigger a service failure.

The vulnerability of the putepelhvfallback function in the fallback-motion.cc component of the h.265 Libde265 codec implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a remote attacker to cause service failures...

The vulnerability of the extract_name function in the fuzz_util.c component of the DNS server Dnsmasq allows a hacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the extractname function in the fuzzutil.c component of the DNS server Dnsmasq is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

The vulnerability in the vector graphic editor Inkscape, related to writing outside the buffer boundaries, allows a hacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the vector graphic editor Inkscape is related to writing outside the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and even cause service interruptions...

The vulnerability of the Pillow library for working with raster graphics lies in the reading of data beyond the allowed buffer limit. This allows attackers to compromise the integrity of the data and cause service failures.

The vulnerability of the Pillow library for working with raster graphics is related to improper handling of gaps in path names. Exploiting this vulnerability can allow a remote attacker to compromise data integrity and cause service failures...

GHSA-838X-PCVX-6P5W Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer

Impact This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change generally improves performance and reduces workload on the garbage collector. Howeve...

Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer

Impact This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change generally improves performance and reduces workload on the garbage collector. Howeve...

CVE-2023-28638

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

Buffer overflow

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

CVE-2023-28638

CVE-2023-28638 affects Snappier 1.1.0, a C# port of Google’s Snappy. The issue is a buffer overrun stemming from byte references briefly pointing outside buffer bounds during .NET GC compaction, which can invalidate buffer range checks and lead to a denial of service through a potential memory ac...

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...