Improper Restriction of Operations within the Bounds of a Memory Buffer

Overview Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer via the wasmloaderpreparebytecode function in core/iwasm/interpreter/wasmloader.c. An attacker can cause a denial of service by exploiting this vulnerability...

The vulnerability of the RedisGraph graph database, related to the execution of operations outside the buffer boundaries in memory, allows a attacker to execute arbitrary code.

The vulnerability of the RedisGraph graph database is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2023-47580

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file X1, V8, or V9 file, information may be disclosed and/or arbitrary code may be executed...

Out-of-bounds

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file X1, V8, or V9 file, information may be disclosed and/or arbitrary code may be executed...

CVE-2023-47580

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file X1, V8, or V9 file, information may be disclosed and/or arbitrary code may be executed...

CVE-2023-47580

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file X1, V8, or V9 file, information may be disclosed and/or arbitrary code may be executed...

CVE-2023-47580

CVE-2023-47580 affects Fuji Electric TELLUS and TELLUS Lite up to version 4.0.17.0 (and earlier). The vulnerability is due to improper restriction of operations within memory buffers, enabling information disclosure and/or arbitrary code execution when a user opens specially crafted files (X1, V8...

ROS-20231114-02

Vulnerability of XIChangeDeviceProperty Xi/xiproperty.c and RRChangeOutputProperty functions randr/rrrproperty.c of X Window System Xorg-server is related to the possibility of writing outside the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker to cau...

PT-2023-26516 · Intel · Intel Unison

Name of the Vulnerable Software and Affected Versions: Intel Unison affected versions not specified Description: The issue allows an authenticated user to potentially enable escalation of privilege via local access due to access of memory location after end of buffer. Recommendations: At the...

PT-2023-8272 · Amd +1 · Amd Processor Firmware +1

Name of the Vulnerable Software and Affected Versions: AMD affected versions not specified Description: The issue is related to the implementation of System Management Mode SMM in AMD processor firmware, specifically due to insufficient input validation. This could allow a remote attacker to...

OpenVPN Security Vulnerabilities

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an electronic certificate, or a...

The vulnerability of the tif_jbig.c component of the JBIG1 data compression standard, which is used for working with JBIG images in the JBIG-KIT framework, allows a hacker to cause a service failure.

The vulnerability of the tifjbig.c component of the JBIG1 data compression standard, which is used for processing JBIG images, in the JBIG-KIT framework, relates to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to...

The vulnerability of the OpenImageIO image processing library, related to the occurrence of operations outside the buffer in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the OpenImageIO image processing library lies in the escape of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service failures through the use...

PT-2023-6869 · Tellus +1 · Tellus +1

Name of the Vulnerable Software and Affected Versions: TELLUS versions 4.0.17.0 and earlier TELLUS Lite versions 4.0.17.0 and earlier Description: The issue is related to improper restriction of operations within the bounds of a memory buffer. If a user opens a specially crafted file, such as X1,...

kernel: udmabuf: Set ubuf->sg = NULL if the creation of sg table fails

A flaw was found in the Linux kernel’s udmabuf subsystem where the scatter-gather sg pointer was not properly set to NULL if creation of the sg table failed. If userspace attempts to map a dmabuf and the sg table allocation fails e.g., due to memory exhaustion, the kernel later attempts to free a...

kernel: drm/edid: fix info leak when failing to get panel id

In the Linux kernel, the following vulnerability has been resolved: drm/edid: fix info leak when failing to get panel id Make sure to clear the transfer buffer before fetching the EDID to avoid leaking slab data to the logs on errors that leave the buffer unchanged...

shadow-utils: possible password leak during passwd(1) change

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

CVE-2023-28545 Improper Restriction of Operations within the Bounds of a Memory Buffer in TZ Secure OS

Memory corruption in TZ Secure OS while loading an app ELF...

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to data writing beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using specially created PAR files...

The vulnerability of the chkResetVeriRegister() function in TP-LINK’s TL-WR886N router software allows a attacker to compromise the integrity, accessibility, and confidentiality of the protected information.

The vulnerability of the chkResetVeriRegister function in TP-LINK’s TL-WR886N router software lies in the fact that the operation is performed outside of the buffer in memory. Exploiting this vulnerability allows an attacker to influence the integrity, availability, and confidentiality of the...