5815 matches found
AZL-43906 CVE-2022-37434 affecting package ogdi 4.1.0-9
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...
AZL-10470 CVE-2022-37434 affecting package zlib for versions less than 1.2.12-2
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...
zlib buffer error vulnerability
zlib is a general-purpose data compression library by Mark Adler, an individual developer in the United States. A buffer error vulnerability exists in zlib version 1.2.12 and earlier, which stems from having a heap-based buffer overread or buffer overflow in inflate via a large gzip header extra...
CVE-2022-33968
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read...
vim: buffer over-read in utf_ptr2char() in mbyte.c
A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a buffer over-read in the utf_ptr2char function. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution...
F5 BIG-IP buffer error vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An out-of-bounds read vulnerability exists in F5 BIG-IP LTM and APM NTLM, when LTM health check probes or APM single sign-on...
The vulnerability of the CDRRip.dll library in the Corel PhotoPaint Standard graphic design and photo editing software arises from writing beyond the buffer boundaries in memory. This allows an attacker to execute arbitrary code.
The vulnerability of the CDRRip.dll library in the Corel PhotoPaint Standard graphic design and photo editing software is related to reading data outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, usin...
The vulnerability in the implementation of the recovery mode for the software development tools for engineering applications, such as the Drawings SDK, JT, JT2Go, and the Teamcenter Visualization lifecycle management system, allows a perpetrator to execute arbitrary code or cause service failures.
The vulnerability of the recovery mode implementation in the software development tools for engineering applications, such as Drawings SDK, JT, JT2Go, and the Teamcenter Visualization lifecycle management system, is related to reading beyond the buffer in memory during the processing of DWG files...
The vulnerability in the implementation of the recovery mode for the software development tools for engineering applications, such as the Drawings SDK, JT, JT2Go, and the Teamcenter Visualization lifecycle management system, allows a perpetrator to execute arbitrary code or cause service failures.
The vulnerability of the recovery mode implementation in the software development tools for engineering applications, such as Drawings SDK, JT, JT2Go, and Teamcenter Visualization’s product lifecycle management system, is related to reading data beyond the buffer in memory during the processing o...
The vulnerability of the implementation of the singlevar() function in the Lua interpreter allows a hacker to execute arbitrary code.
The vulnerability of the singlevar function implementation in Lua interpreters is related to a buffer out-of-bound read error in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of the CrlPlatform.dll library of the CorelDRAW Standard graphic editor lies in the reading of data beyond the buffer boundaries in memory. This allows an attacker to gain unauthorized access to protected information.
The vulnerability of the CrlPlatform.dll library of the CorelDRAW Standard graphic editor is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using a specially crafted CDR file...
Vulnerability of the njs_scope_value() function (njs_scope.h) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njs_scope_value function (njs_scope.h) in the njs interpreter of the nginx server is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2022-28670
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-34889
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 51537. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
Denial Of Service (DoS)
mbedtls is vulnerable to denial of service. The vulnerability exists through a buffer over-read when a DTLS server with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE in use receives a ClientHello message with a cookie whose declared length exceeds the end of the allocated buffer, which allows an attacker to caus...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to reading data outside of the buffer in memory. This allows attackers to execute arbitrary code.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to reading data outside the buffer in memory. Exploiting these vulnerabilities can allow attackers to execute...
The vulnerability of Adobe InDesign’s computer design automation tool, related to reading data outside the buffer in memory, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...