560 matches found
Code injection
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...
CVE-2022-3616 OctoRPKI crash when maximum iterations number is reached
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer...
Bentley Systems MicroStation Connect
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Bentley Systems Equipment: MicroStation Connect Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may crash the device being accessed or...
Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91134)
Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and cause it to hang o...
CVE-2022-38178
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...
CVE-2022-38178
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2022-264-01)
The version of bind installed on the remote host is prior to 9.16.33 / 9.18.7. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-264-01 advisory. - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the...
CVE-2022-39028
A flaw was found in MIT krb5-appl, where it has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. The telnetd application would crash in a typical installation, but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short ti...
Oracle Linux 8 : istio (ELSA-2022-9773)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9773 advisory. - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Adress Istio CVE-2022-31045, CVE-2022-29225,...
Oracle Linux 7 : istio (ELSA-2022-9774)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9774 advisory. - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Adress Istio CVE-2022-31045, CVE-2022-29225,...
PT-2022-37245 · Jxl · Jxl
Name of the Vulnerable Software and Affected Versions: jxl affected versions not specified Description: A heap buffer overflow read issue has been identified. The crash occurs in the jxl::N AVX2::BlendingStage::ProcessPaddingRow function, which is part of the...
CVE-2022-2238
CVE-2022-2238 affects Red Hat Advanced Cluster Management for Kubernetes, specifically the search-api container. The vulnerability arises when a backend parses a search filter query, allowing crafted strings with special characters to crash the pod and impact availability. Public docs in RHSA adv...
CVE-2022-2238
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects...
CVE-2022-39028
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd...
Denial Of Service (DoS)
libtirpc.so is vulnerable to denial of service DoS. The vulnerability exists in svcrun because does not properly handle idle TCP connections which allows an attacker to crash the application by providing malicious input...
Hyper-V Crashing or Rebooting During Backup Due to Anti-Virus
Challenge During the backup of a Hyper-V VM, the Hyper-V host may crash BSOD with a bug check 34 or 0x22. Solution Veeam Support has seen similar cases to this from time to time, they are generally considered rare, and when they do occur, the underlying cause requires extensive investigation. It ...
Memory corruption
A potential memory corruption issue was found in Capsule Workspace Android app running on GrapheneOS. This could result in application crashing but could not be used to gather any sensitive information...
CVE-2022-23745
A potential memory corruption issue was found in Capsule Workspace Android app running on GrapheneOS. This could result in application crashing but could not be used to gather any sensitive information...
Siemens SCALANCE X Switches Buffer Overflow Vulnerability
Siemens SCALANCE X Switches, an industrial Ethernet switch product from Siemens, Germany, is vulnerable to a buffer overflow vulnerability that could be exploited by an unauthenticated attacker to crash the affected device...
CVE-2022-31045
A flaw was found in Istio. Memory access violation of ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access, resulting in undefined behavior or crashing...