The vulnerability of the 3D model texturing software Adobe Substance 3D Painter, related to reading beyond the allowed buffer data limits, allows attackers to access confidential data.

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter lies in the reading of data beyond the allowed buffer size. Exploiting this vulnerability can allow an attacker to access confidential data...

lua: heap buffer overread

A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity...

Low: Red Hat Security Advisory: lua security update

An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

Low: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overread CVE-2022-28805 For more details about the security issues,...

ALSA-2023:2582 Low: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overread CVE-2022-28805 For more details about the security issues,...

Qualcomm 芯片缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and are often manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a security vulnerability that stems from a buff...

Qualcomm 芯片缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and are often manufactured on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip that stems from a buff...

PT-2023-13797 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to information disclosure due to a buffer over-read in the Modem while parsing DNS hostname. Recommendations: At the moment, there is no information about a newer version...

PT-2023-13279 · Unknown · Trusted Execution Environment

Name of the Vulnerable Software and Affected Versions: Trusted Execution Environment affected versions not specified Description: The issue is related to information disclosure due to a buffer over-read in the Trusted Execution Environment, specifically during QRKS report generation...

SUSE CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

NVIDIA DGX-1 缓冲区错误漏洞

NVIDIA DGX-1 is a personal computing device for deep learning applications from NVIDIA Corporation. A security vulnerability exists in NVIDIA DGX-1 Servers, which stems from a preconditioned heap that can allow a user with elevated privileges to cause access beyond the end of the buffer, which...

PT-2023-16079 · Nvidia · Nvidia Dgx-2

Name of the Vulnerable Software and Affected Versions: NVIDIA DGX-2 affected versions not specified Description: The issue is related to a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffer's end. This may lead to code execution,...

OESA-2023-1241 lua security update

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Security Fixes: In Lua 5.4.3, an erroneous finalizer called during a tail call leads to...

CVE-2023-27353

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of...

CVE-2023-22321

Datakit CrossCadWarex64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information...

DEBIAN-CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

UBUNTU-CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module (IMM) for System x & BladeCenter

Summary IBM Integrated Management Module IMM for System x & BladeCenter has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM Integrated Management Module IMM for System x & BladeCenter has addressed the following vulnerabilities in libxml2. Vulnerability...

PT-2023-21075 · Sonos · Sonos One Speaker

Name of the Vulnerable Software and Affected Versions: Sonos One Speaker version 70.3-35220 Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within...