UBUNTU-CVE-2021-43314

A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func getle32. The problem is essentially caused in PackLinuxElf32::elflookup at plxelf.cpp:5368...

Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2177, CVE-2016-2178).

Summary IBM b-type SAN switches and directors addressing Open Source OpenSSL Vulnerabilities CVE-2016-2177, CVE-2016-2178. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer...

K43030517: Linux kernel BPF vulnerability CVE-2019-7308

Security Advisory Description kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks...

K70992015: Linux kernel vulnerabilty CVE-2021-33200

Security Advisory Description kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. I...

SUSE CVE-2008-1685

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer...

SUSE CVE-2008-5187

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability...

SUSE CVE-2009-0847

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

SUSE CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...

SUSE CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...

SUSE CVE-2017-7895

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and...

SUSE CVE-2021-29155

An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences ...

SUSE CVE-2021-33200

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corne...

SUSE CVE-2022-23222

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain ORNULL pointer types...

Huawei EulerOS: Security Advisory for mariadb-connector-c (EulerOS-SA-2023-1227)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.1 : deltarpm (EulerOS-SA-2023-1187)

According to the versions of the deltarpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service application crash via an invalid file that causes ...

EulerOS 2.0 SP10 : deltarpm (EulerOS-SA-2022-2816)

According to the versions of the deltarpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service application crash via an invalid file that causes a large dynami...

EulerOS 2.0 SP10 : deltarpm (EulerOS-SA-2022-2841)

According to the versions of the deltarpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service application crash via an invalid file that causes a large dynami...

EulerOS 2.0 SP9 : deltarpm (EulerOS-SA-2022-2723)

According to the versions of the deltarpm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service application crash via an invalid file that causes a large dynamic...

Huawei EulerOS: Security Advisory for mariadb-connector-c (EulerOS-SA-2022-2736)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : mariadb-connector-c (EulerOS-SA-2022-2771)

According to the versions of the mariadb-connector-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmeti...