68 matches found
Ruby 资源管理错误漏洞
Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the individual developer, Yukihiro Matsumoto. A resource management error vulnerability exists in Ruby. The vulnerability allows an attacker to write to unexpected memory locations using specially crafted regul...
SUSE-SU-2021:4120-1 Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. bsc1190487 - CVE-2021-4011: The handlers for the...
freerdp: improper client input validation for gateway connections allows to overwrite memory
A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory. The highest threat from this flaw is that it coul...
CVE-2021-41159
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections /gt:rpc fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue h...
Huawei P30 Memory Write Overrun Vulnerability
Huawei P30 is a smartphone from Chinese company Huawei Huawei. Huawei P30 suffers from a memory write out-of-bounds vulnerability. The vulnerability is due to insufficient validation of incoming parameters, a write out-of-bounds occurs in one of the system's protocols when processing a request...
Security Advisory - Arbitrary Memory Write Vulnerability in Huawei Smart Phone
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Vulnerability ID: HWPSIRT-2020-04031 This vulnerability has been assigned a Common...
Remote code execution
An arbitrary memory write vulnerability exists in the dualonsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers...
CVE-2014-5435
An arbitrary memory write vulnerability exists in the dualonsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers...
EDK2 Memory Write Vulnerability
EDK2 is a set of cross-platform firmware development environment based on UEFI and PI specifications. A security vulnerability exists in EDK2's SMM service that stems from the program's failure to adequately perform memory write checks. A local attacker could exploit the vulnerability to elevate...
Cisco 807, 809, and 829 Industrial Integrated Services Router Arbitrary Memory Write Vulnerability
The Cisco 807, 809, and 829 Industrial Integrated Services Routers are router products from Cisco, Inc.IOS Software is a set of operating systems developed by Cisco for its network devices that run on them. An arbitrary memory write vulnerability exists in the test subsystem embedded in the IOS...
Cisco 807, 809, and 829 Industrial Integrated Services Router IOS Software Arbitrary Memory Write Vulnerability
The Cisco 807, 809, and 829 Industrial Integrated Services Router are all Cisco router products.IOS Software is the set of operating systems that run on them that Cisco has developed for its network devices. An arbitrary memory write vulnerability exists in the embedded test subsystem in the IOS...
CVE-2018-15375 Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the...
CVE-2018-10536
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks...
SUSE-SU-2018:0863-1 Security update for clamav
This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CH...
[SECURITY] [DLA 1319-1] firefox-esr security update
Package : firefox-esr Version : 52.7.2esr-1deb7u1 CVE ID : CVE-2018-5146 CVE-2018-5147 Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been...
NCR S1 Dispenser controller authentication vulnerability
CR S1 Dispenser controller is a dispenser control board product from NCR Corporation. A security vulnerability exists in the memory write mechanism in the NCR S1 Dispenser controller using firmware version 0x0108. An attacker can exploit this vulnerability to upgrade or downgrade the device...
NCR S2 Dispenser controller authentication vulnerability
NCR S2 Dispenser controller is a dispenser control board product from NCR Corporation. A security vulnerability exists in the memory write mechanism in the NCR S2 Dispenser controller using firmware version 0x0108. An attacker could exploit this vulnerability to upgrade or downgrade the device...
Debian DSA-4141-1 : libvorbisidec - security update
Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. C Tenable Network Security, Inc. The descriptive text and package checks in this...
Multiple Adobe Products JavaScript API Out-of-Bounds Memory Write Vulnerability
Adobe Acrobat DC for Windows and Macintosh and so on are the United States of America Odobie Adobe company based on Windows and Macintosh platform products.Adobe Acrobat DC for Windows and Macintosh is a desktop version of the PDF solution; Acrobat Reader DC for Windows and Macintosh is a set of...
CVE-2018-0088
The CVE-2018-0088 issue affects Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software. It stems from a diagnostic test CLI command that allows writing to device memory, enabling an authenticated local attacker (privilege level 15) to cause arbitrary code execution or a denial ...