The vulnerability of Adobe Illustrator, related to reading data beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Illustrator graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, as well as to increase their privileges...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Linux_Kernel

CVE-2021-4204 Chinese writeup: https://tr3e.ee/posts/cve-2021...

ROS-20220207-01

Vulnerability in the implementation of the tipccryptokeyrcv function of the protocol for intra-cluster communication Transparent Inter-Process Communication TIPC of Linux kernel is related to insufficient input data verification when processing MSGCRYPTO messages. input data validation when...

OSV-2022-165 Stack-buffer-overflow in fmt::v8::basic_memory_buffer<unsigned int, 32ul, std::__1::allocator<unsigned in

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44763 Crash type: Stack-buffer-overflow READ 4 Crash state: fmt::v8::basicmemorybufferunsigned int, 32ul, std::1::allocatorunsigned in fmt::v8::detail::bigint::square fmt::v8::detail::bigint::assignpow10...

The vulnerability of the PDFium PDF-content processor in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.

The vulnerability of the PDFium PDF-content processor in Google Chrome and Microsoft Edge is related to overflow buffer errors in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of emulation on CD-ROM-based hypervisors of VMware ESXi, VMware Workstation, and VMware Fusion allows a hacker to execute arbitrary code.

The vulnerability of CD-ROM emulation devices in VMware ESXi, VMware Workstation, and VMware Fusion lies in the writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2022-23639 Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a...

CVE-2022-23639 Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a...

ffjpeg Denial of Service Vulnerability (CNVD-2022-12798)

ffjpeg is a JPEG encoder/decoder by the individual developer Kai Chen in China. A rejection vulnerability exists in ffjpeg, which originates when the size information in the metadata of a bmp is out of range, it returns without allocating a memory buffer to pb-pdata and without exiting the progra...

CVE-2021-45385

A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 2021-12-06 in bmpload. When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to pb-pdata and did not exit the program. So the program crashes when it tries to access the pb-data, i...

CVE-2021-45385

A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 2021-12-06 in bmpload. When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to pb-pdata and did not exit the program. So the program crashes when it tries to access the pb-data, i...

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, Out-of-bounds Rea...

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, Out-of-bounds Rea...

CVE-2022-22532

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...

CVE-2022-22532

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

Input validation

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

SAP NetWeaver AS Java Multiple Vulnerabilities (ICMAD)

SAP NetWeaver Application Server Java is vulnerable to HTTP request smuggling. - An unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that cou...

PT-2022-15503 · Sap · Sap Netweaver Application Server Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java versions 7.22 through 7.53 Description: The issue arises from improper error handling, allowing an attacker to submit multiple HTTP server requests that result in errors, consuming the memory buffer and...