128 matches found
CVE-2022-4435
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure...
CVE-2022-4432
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure...
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2022-2634)
According to the versions of the ruby package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float...
PT-2022-5185
Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.23.2 and 1.22.1 and earlier NGINX Open Source Subscription versions R2 P1 and R1 P1 and earlier NGINX Plus versions R27 P1 and R26 P1 and earlier Description The issue is related to a buffer-over-read vulnerability...
RLSA-2022:6775 Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...
CVE-2022-32166 ovs - buffer over-read
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...
MGASA-2022-0328 Updated zlib packages fix security vulnerability
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...
CVE-2020-26185
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability...
Ubuntu 18.04 LTS : bl vulnerability (USN-5098-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5098-1 advisory. It was discovered that bl didn't properly sanitize the inputs. An attacker could use this to leak sensitive information. Tenable has extracted the preceding...
OPENSUSE-SU-2021:2937-1 Security update for libesmtp
This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c bsc1160462...
Debian DLA-2698-1 : node-bl - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2698 advisory. - A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2021-1047)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libslirp buffer overread vulnerability (CNVD-2021-44714)
libslirp is a general-purpose TCP-IP emulator for managing virtual network services in a hypervisor. A buffer over-read vulnerability exists in ncsi.c in libslirp 4.3.1 and earlier versions, which stems from ncsi.c attempting to read a certain amount of header data despite having exceeded the tot...
FreeBSD : libxml -- multiple vulnerabilities (f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9)
CVE mitre reports : CVE-2019-20388 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-24977 GNOME project libxml2...
CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...
CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...
Remote Memory Exposure in bl
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...
CVE-2020-8244
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...
OPENSUSE-SU-2020:0522-1 Security update for mp3gain
This update for mp3gain fixes the following issues: Update to version 1.6.2. - CVE-2019-18359: Fixed a buffer over-read was discovered in ReadMP3APETag boo1154971...
OPENSUSE-SU-2020:0086-1 Security update for python3
This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Waveread.readfmtchunk bsc1083507. - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ bsc1149955. - CVE-2019-15903: Fixed a heap-based buffer over-read i...