128 matches found
CVE-2023-25518
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...
CVE-2023-34341
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering...
EulerOS Virtualization 2.11.0 : httpd (EulerOS-SA-2023-2123)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...
httpd: mod_dav: out-of-bounds read/write of zero byte
A flaw was found in the moddav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service...
SUSE CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...
SUSE CVE-2020-11039
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled nearly arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0...
SUSE CVE-2021-20307
Format string vulnerability in panoFileOutputNamesCreate in libpano13 2.9.20rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values...
Lenovo Diagnostics Driver IOCTL memmove
Incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory read/write. Module Options msf use exploit/windows/local/cve20223699lenovodiagnosticsdriver msf...
Lenovo Diagnostics Driver Memory Access Exploit
This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes. This module requires Metasploit: https://metasploit.com/download...
UBUNTU-CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...
CVE-2023-22357
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the...
CVE-2022-42278
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering...
CVE-2021-3839
A flaw was found in the vhost library in DPDK. Function vhostusersetinflightfd does not validate msg-payload.inflight.numqueues, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability...
USN-5463-2 ntfs-3g vulnerabilities
USN-5463-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to...
Adobe Illustrator 缓冲区错误漏洞
Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. Adobe Illustrator suffers from a buffer overflow vulnerability that originates when a networked system or product performs an operation in memory without properly validating data boundaries...
Adobe Illustrator 缓冲区错误漏洞
Adobe Illustrator is a suite of vector-based image creation software from the American company Audobee Adobe. A buffer error vulnerability exists in Adobe Illustrator. The vulnerability originates when a networked system or product performs an operation in memory without properly validating data...
CVE-2021-46814
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability...
CVE-2021-46814
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability...
USN-5463-1 ntfs-3g vulnerabilities
It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a user or automated system were tricked into using ntfsck on a specially crafted disk image, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2021-46790 Roman Fiedler discovered that NTFS-3G...
AZL-9848 CVE-2022-30785 affecting package ntfs-3g for versions less than 2022.5.17-1
A file handle created in fuselibopendir, and later used in fuselibreaddir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite...