13 matches found
Astra Linux – Vulnerability in libfcgi
FastCGI fcgi2, also known as fcgi, versions 2.x through 2.4.4 have an integer overflow vulnerability resulting in a heap-based buffer overflow due to crafted values for nameLen or valueLen in the data sent to the IPC socket. This issue occurs in the ReadParams function in fcgiapp.c...
The vulnerability in the ReadParams function of the fcgiapp.c file, part of the FastCGI protocol implementation in the fcgi2 library (fcgi), allows a hacker to execute arbitrary code.
The vulnerability in the ReadParams function in the fcgiapp.c file of the FastCGI protocol implementation in the fcgi2 (fcgi) library is caused by an integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending requests containing...
The vulnerability in the ReadParams function in the implementation of the FastCGI protocol, provided by the fcgi2 library (fcgi), allows a hacker to execute arbitrary code.
The vulnerability in the ReadParams function in the FastCGI protocol implementation of the fcgi2 (fcgi) library is caused by an integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending requests containing specially crafted values for parameters...
python-pillow: buffer overflow in _imagingcms.c
A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service...
python-pillow: buffer overflow in _imagingcms.c
A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service...
CVE-2023-48429
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...
PT-2023-30849 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 2. Description: A vulnerability has been identified in the REST API of affected devices, where it does not check the length of parameters in certain conditions. This allows a malicious admin to crash...
USN-4966-2: libx11 vulnerability
USN-4966-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick...
USN-4966-1 libx11 vulnerability
It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests...
USN-4966-1: libx11 vulnerability
It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests...
CVE-2020-12485
The frame touch module does not validate parameter lengths when processing specific parameters, which causes an out-of-bounds memory access. The vulnerability eventually leads to a local DoS on the device...
CVE-2020-12485
The frame touch module does not validate parameter lengths when processing specific parameters, which causes an out-of-bounds memory access. The vulnerability eventually leads to a local DoS on the device...
A vulnerability in Eltex switch web servers allows a hacker to cause a denial of service.
The vulnerability in Eltex switch web servers exists because the lengths of the parameters “restoreUrl”, “errorCollector”, “userName$query”, and “password$query” are not checked in the requests sent during authentication. Exploiting this vulnerability allows a malicious actor to cause a...