19 matches found
Astra Linux - уязвимость в glib2.0
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
curl: A logic error in detect_proxy caused truncation of environment variable names for long protocol schemes.
In lib/url.c, the detectproxy function uses a fixed-size buffer, proxyenv20, to construct proxy environment variable names e.g., httpproxy. However, the curl URL parser lib/urlapi.c allows protocol schemes up to 40 characters MAXSCHEMELEN. When a protocol scheme longer than 12 characters is used,...
CVE-2025-40291 io_uring: fix regbuf vector size truncation
In the Linux kernel, the following vulnerability has been resolved: iouring: fix regbuf vector size truncation There is a report of ioestimatebvecsize truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can b...
JLSEC-2025-156 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation...
EUVD-2007-3780
Malware in sbrugna...
DEBIAN-CVE-2022-49771
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the "dmtargetiteratelistversiongetneeded, &needed" call and then will fill the space using the...
SUSE CVE-2016-8645
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service system crash via a crafted application that makes sendto system calls, related to net/ipv4/tcpipv4.c and net/ipv6/tcpipv6.c...
EulerOS 2.0 SP2 : glib2 (EulerOS-SA-2021-2373)
According to the versions of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in goptiongroupaddentries. NOTE: the vendor's positi...
EulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2021-2117)
According to the versions of the glib2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function gbytesnew has an integer...
EulerOS Virtualization 3.0.6.6 : glib2 (EulerOS-SA-2021-2030)
According to the versions of the glib2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function gbytesnew has an integer overflow on...
opensmtpd: multiple issues
an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute...
FreeBSD : OpenSMTPD -- multiple vulnerabilities (42852f72-6bd3-11e5-9909-002590263bf5)
OpenSMTPD developers report : fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda fix remote buffer overflow in unprivileged pony process reworked offline enqueue to better protect agains...
MiniUPnPd Information Disclosure (CVE-2013-2600)
Hi list, I am writing to inform you of an information disclosure vulnerability I noticed in MiniUPnPd a few months back. Specifically, MiniUPnPd versions 1.8 and earlier are prone to an information disclosure vulnerability due to improper use of snprintf while preparing SSDP responses. An attacke...
[Full-disclosure] [Sec-1 Ltd] Advisory: MailMarshal Spam Quarantine Password Retrieval Vulnerability
SEC-1 LTD. www.sec-1.com Security Advisory Advisory Name: MailMarshal Spam Quarantine Password Retrieval Vulnerability Release Date: 17-06-2007 Application: MailMarshal SMTP 6.2.0.x Platform: Microsoft Windows Severity: Password Retrieval Author: Gary O'leary-Steele Reported: See time line sectio...
CVE-2007-3796
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer...
CVE-2007-3796
CVE-2007-3796 affects MailMarshal SMTP’s Spam Quarantine HTTP interface. The vulnerability stems from the password reset feature, where a UserId value with excessive trailing whitespace followed by a malicious value can trigger SQL buffer truncation due to length inconsistencies, potentially allo...
PT-2007-5034 · Marshalsec · Mailmarshal Smtp
Name of the Vulnerable Software and Affected Versions: MailMarshal SMTP versions 6.2.0.x through 6.2.0.x Description: The password reset feature in the Spam Quarantine HTTP interface has an issue that allows remote attackers to modify arbitrary account information. This is achieved by exploiting...
Alert: IIS ism.dll exposes file contents
Cerberus Information Security Advisory CISADV000327 http://www.cerberus-infosec.co.uk/advisories.html Released : 27th March 2000 Name : IIS ISM.DLL buffer truncation exposes files Affected Systems : Windows NT running IIS Issue : Remote attackers can gain access to files' contents they should not...