CVE-2019-2238

CVE-2019-2238 affects Qualcomm Snapdragon platforms (wide range of Snapdragon Auto/Compute/Connectivity/IOT/Industrial IOT and related SoCs) where a missing data-type check can cause a loop to evaluate true with a potentially negative index, leading to a buffer underflow. CVSS metrics in NVD indi...

Arbitrary Code Execution

glibc is vulnerable to arbitrary code execution. A local authenticated attacker could write before the destination buffer leading to a buffer underflow and potential code execution due to a confusion in the usage of getcwd by realpath. Affected is the function realpath in the library...

Microsoft Windows JET Database Engine Buffer Underflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

Denial Of Service (DoS)

mozilla firefox is vulnerable to stack-based buffer underflow vulnerability. Remote attackers can execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations...

Remote Code Execution (RCE)

php is vulnerable to remote code execution. An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir function. If a remote attacker could upload an excessively large number of files to a directory the scandir function runs on, it could cause the PHP...

Arbitrary Code Execution

BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the...

CVE-2019-9729

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow...

CVE-2019-9729

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow...

CVE-2018-15361

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199...

Buffer overflow

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199...

CVE-2018-15361

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199...

CVE-2018-15361

UltraVNC revision 1198 contains a buffer underflow in the VNC client code that could potentially allow code execution. The vulnerability is exploitable over network connectivity, and Siemens/CISA context confirms the fix is to upgrade to revision 1199. No further technical details are provided in...

CVE-2018-15361

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199...

Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System FC5022 16Gb SAN Scalable Switch and IBM Flex System EN4023 10Gb Scalable Switch (CVE-2016-2108)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Flex System FC5022 16Gb SAN Scalable Switch and IBM Flex System EN4023 10Gb Scalable Switch. IBM Flex System FC5022 16Gb SAN Scalable Switch and IBM Flex System EN4023 10Gb Scalable Switch...

Security Bulletin: Vulnerability in openssl affects IBM System Networking Switch products (CVE-2016-2108)

Summary IBM System Networking Switch products have addressed the following vulnerability in openssl. Vulnerability Details Summary IBM System Networking Switch products have addressed the following vulnerability in openssl. Vulnerability Details CVE-ID: CVE-2016-2108 Description: OpenSSL could...

Security Bulletin: Public disclosed GNU glibc vulnerabilities used by IBM OS Images for RedHat Linux in IBM PureApplication Systems (CVE-2017-16997 CVE-2018-1000001)

Summary There are public disclosed vulnerabilities from GNU glibc that are used by the OS Images for IBM PureApplication System. To address the vulnerabilities in response to CVE-2017-16997 and CVE-2018-1000001, IBM has released Version 2.2.5.3 for IBM PureApplication System, which includes IBM O...

Denial Of Service (DoS) Through Stack Buffer Underflow

libarchive.so is vulnerable to denial of service DoS. The vulnerability exists due to a possible stack buffer underflow issue when parsing the ar header...

Remote Code Execution (RCE)

busybox is vulnerable to remote code execution RCE attacks. The vulnerability exists in the decompress function in compress42.c in 1 ncompress 4.2.4 and 2 liblzw allows remote attackers to cause a denial of service crash, and possibly execute arbitrary code, via crafted data that leads to a buffe...

Remote Code Execution (RCE)

libxml2 is vulnerable to remote code execution RCE attacks. The vulnerability exists through a heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to...

Fedora 28 : strongswan (2018-3731a89e20)

Resolves rhbz1581868 CVE-2018-5388 strongswan: buffer underflow in strokesocket.c Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...