1716 matches found
CVE-2018-13869
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5Olinkdecode in H5Olink.c...
openSUSE Security Update : glibc (openSUSE-2018-600)
This update for glibc fixes the following issues : This security issue was fixed : - Fixed an buffer overwrite issue in memcpy for Knights Landing CPUs boo1092877, CVE-2018-11237 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Security update for glibc (moderate)
This update for glibc fixes the following issues: This security issue was fixed: - Fixed an buffer overwrite issue in memcpy for Knights Landing CPUs boo1092877, CVE-2018-11237...
Linux ext4: out-of-bounds memcpy via non-inline system.data xattr(CVE-2018-11412)
ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode which normally contains a list of blocks instead,...
Linux Kernel 4.16.11 - ext4_read_inline_data() Memory Corruption
Linux Kernel 4.16.11 - ext4readinlinedata Memory Corruption ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in...
Linux Kernel ext4_read_inline_data() Memory Corruption
ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode which normally contains a list of blocks instead,...
Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption
ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode which normally contains a list of blocks instead,...
Linux kernel memory corruption vulnerability (CNVD-2018-10582)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions 4.13 through 4.16.11, which stems from the 'ext4readinlinedata' function in the fs/ext4/inline.c file using an...
Remote code execution
In Lizard v1.0 and LZ5 v2.0 the prior release, before the product was renamed, there is an unchecked buffer size during a memcpy in the LizarddecompressLIZv1 function lib/lizarddecompressliz.h. Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file,...
CVE-2018-11498
In Lizard v1.0 and LZ5 v2.0 the prior release, before the product was renamed, there is an unchecked buffer size during a memcpy in the LizarddecompressLIZv1 function lib/lizarddecompressliz.h. Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file,...
CVE-2018-11412
The fs/ext4/inline.c:ext4readinlinedata function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or...
CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
glibc security, bug fix, and enhancement update
2.17-222 - Restore internal GLIBCPRIVATE symbols for use during upgrades 1523119 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow 1534635 - i386: Fix unwinding for 32-bit C++ application 1529982 - Reduce thread and dynamic loader stack usage 1527904 - x86-64: Use XSAVE/XSAVEC more often...
CVE-2017-18127
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted namelen and valuelen values ar...
Buffer overflow
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted namelen and valuelen values ar...
CVE-2017-18127
CVE-2017-18127 affects Android on Qualcomm Snapdragon devices (before 2018-04-05 patch level) where, while processing a SetParam command packet in the VR service, the code does not validate the extracted name_len and value_len values, potentially leading to a buffer overflow in subsequent calls t...