The vulnerability of the njs_string_offset function (src/njs_string.c) in the njs interpreter of the nginx server allows a hacker to increase their privileges.

The vulnerability of the njsstringoffset function in the njsstring.c file of the nginx njs interpreter involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to increase their privileges...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

Nginx 代码问题漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A security vulnerability exists in Nginx NJS version v0.7.5 that stems from a segmentation violation where the JUMP offset of the interrupt directive is not set to the...

CVE-2022-35476

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b...

DEBIAN-CVE-2022-35459

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e412a...

A flaw was found in KVM. When updating a guest's page table entry vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel resulting in a denial of service condition.

...

OTFCC 缓冲区错误漏洞

OTFCC is a C library and utility program from Caryll Open Source. It is used to parse and write OpenType font files. A security vulnerability exists in OTFCC version 0.10.4, which stems from a heap buffer overflow in the /release-x64/otfccdump+0x6b03b5 file...

CVE-2022-35624

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO SegN...

CVE-2022-35624

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO SegN...

Nordic Semiconductor nRF5 SDK 缓冲区错误漏洞

The Nordic Semiconductor nRF5 SDK is a software development kit from Nordic Semiconductor, Norway. It provides a rich development environment for the nRF51 and nRF52 family of SoCs. A security vulnerability exists in Nordic Semiconductor nRF5 SDK version 5.0, which is caused by a heap overflow...

OESA-2022-1833 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...

CLSA-2022-1660238929 Fixed CVE-2022-2097 in openssl

CVE-2022-2097: Fix AES OCB encrypt/decrypt for x86 AES-NI...

openssl: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2193)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GSD-2022-1004502 drm/i915/reset: Fix error_state_read ptr + offset use

drm/i915/reset: Fix errorstateread ptr + offset use This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.49 by commit...

GSD-2022-1004307 drm/i915/reset: Fix error_state_read ptr + offset use

drm/i915/reset: Fix errorstateread ptr + offset use This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.6 by commit...

EulerOS Virtualization 2.9.0 : vim (EulerOS-SA-2022-2212)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read in vim/vim prior to 8.2. CVE-2022-0319 - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to...

EulerOS Virtualization 2.9.1 : vim (EulerOS-SA-2022-2193)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read in vim/vim prior to 8.2. CVE-2022-0319 - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to...

AES OCB fails to encrypt some bytes

...