37 matches found
Dassault Systèmes eDrawings IPT File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Dassault Systèmes eDrawings IPT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2024-1847
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024...
Heap overflow
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024...
CVE-2024-1847 Multiple vulnerabilities exist in file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024...
Improper Input Validation
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. A flaw was found in the Puppet...
CVE-2022-0675
A flaw was found in the Puppet Firewall module. In certain situations, an unmanaged rule can exist on the target system that has the same comment as a rule specified in the manifest. When this condition is true, Puppet will ignore the unmanaged rule and continue to apply the rule in the manifest...
SUSE: Security Advisory (SUSE-SU-2016:2018-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-1118
IBM WebSphere MQ Internet Pass-Thru (MQIPT) versions 2.0 and 2.1 are affected by CVE-2017-1118 due to an incorrectly configured security policy that can cause MQIPT to stop responding. The IBM bulletin notes that this denial-of-service condition arises when IP addresses not configured in the MQIP...
kernel: netfilter: missing bounds check in ipt_entry structure
A security flaw was found in the Linux kernel in the marksourcechains function in "net/ipv4/netfilter/iptables.c". It is possible for a user-supplied "iptentry" structure to have a large "nextoffset" field. This field is not bounds checked prior to writing to a counter value at the supplied offse...
kernel: netfilter: missing bounds check in ipt_entry structure
A security flaw was found in the Linux kernel in the marksourcechains function in "net/ipv4/netfilter/iptables.c". It is possible for a user-supplied "iptentry" structure to have a large "nextoffset" field. This field is not bounds checked prior to writing to a counter value at the supplied offse...
kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt
An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt. The function call is normally restricted to root, however some processes with capsysadmin may also be able to trigger this flaw in privileged container environments...
CVE-2015-0173
IBM WebSphere MQ Internet Pass-Thru (MQIPT) HTTP connection management is affected: MQIPT Session IDs are predictable in versions 2.1.0.1 and earlier when HTTPS is disabled, enabling potential bypass of data restrictions. Affected: MQIPT HTTP sessions; root cause is predictable session IDs. Remed...
security flaw
The iptrecent kernel module iptrecent.c in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONGMAX, which can cause iptrecent netfilter rules to block too early, a different vulnerability than CVE-2005-2872...
security flaw
Race condition in the doaddcounters function in netfilter for Linux kernel 2.6.16 allows local users with CAPNETADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-re...
MDKSA-2005:220 - Updated kernel packages fix numerous vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2005:220 http://www.mandriva.com/security/ Package : kernel Date : November 30, 2005 Affected: 10.2 Problem Description: Multiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected in this...
security flaw
The iptrecent kernel module iptrecent.c in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service kernel panic via certain attacks such as SSH brute force, which leads to memset calls using a length based on the uint32t...