
1658 matches found

CVE
added 2023/08/02 10:30 p.m. · 42 views

CVE-2023-1437

Advantech WebAccess/SCADA (all versions prior to 9.1.4) is affected by CVE-2023-1437 due to untrusted pointer handling in RPC arguments, enabling a remote attacker to access the remote file system and potentially execute commands or overwrite files. The root cause is untrusted pointers dereferenc...

CVSS: 9.8 · AI score: 9.9 · EPSS: 0.00196
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2023/08/02 12:0 a.m. · 2 views

Advantech WebAccess/SCADA Buffer Error Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation devices. A buffer error vulnerability exists in Advantech...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.00196
Exploits: 0 · References: 3
RustSec
added 2023/07/26 12:0 p.m. · 2 views

Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...

AI score: 7
Exploits: 0 · Affected Software: 1
Prion
added 2023/07/19 2:15 p.m. · 14 views

Heap overflow

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...

CVSS: 7.5 · AI score: 9.7 · EPSS: 0.00187
Exploits: 0 · References: 1
Cvelist
added 2023/07/19 1:40 p.m. · 19 views

CVE-2023-3463 GE Digital CIMPLICITY Heap-based Buffer Overflow

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...

CVSS: 6.6 · AI score: 9.9 · EPSS: 0.00187
Exploits: 0 · References: 1
Positive Technologies
added 2023/07/15 12:0 a.m. · 2 views

PT-2023-4939 · Advantech · Webaccess/Scada

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA versions prior to 9.1.4. Description: The issue is related to the use of untrusted pointers in the software. Specifically, the RPC arguments sent by the client could contain raw memory pointers that the server uses...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.00196
Exploits: 0 · References: 7
CNNVD
added 2023/07/10 12:0 a.m. · 4 views

Zephyr Resource Management Error Vulnerability

Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A resource management error vulnerability exists in Zephyr 3.3 and earlier versions that stems from not clearing global references to state pointers after processing connection events, which could allow a...

CVSS: 8 · AI score: 7.7 · EPSS: 0.00191
Exploits: 0 · References: 2
Tenable Nessus
added 2023/07/04 12:0 a.m. · 16 views

EulerOS 2.0 SP11 : shim (EulerOS-SA-2023-2277)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an...

CVSS: 7.4 · AI score: 8 · EPSS: 0.88334
Exploits: 0 · References: 2
RustSec
added 2023/06/26 12:0 p.m. · 2 views

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue has several unsoundness issues. First of all, it allows reinterpreting arbitrary bytes as a bool, which could cause undefined behavior from a safe function. Secondly, it allows transmuting pointers without taking memory layout into consideration. The details of...

AI score: 7.2
Exploits: 0
Tenable Nessus
added 2023/06/02 12:0 a.m. · 26 views

EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2023-2025)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parse...

CVSS: 7.4 · AI score: 7.9 · EPSS: 0.88334
Exploits: 0 · References: 2
NVD
added 2023/06/01 3:15 a.m. · 14 views

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.07838
Exploits: 1 · References: 1
OSV
added 2023/06/01 3:15 a.m. · 1 view

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

CVSS: 7.8 · AI score: 7.1 · EPSS: 0.07838
Exploits: 1 · References: 1
ATTACKERKB
added 2023/06/01 3:15 a.m. · 1 view

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

CVSS: 7.8 · AI score: 5.7 · EPSS: 0.07838
Exploits: 1 · References: 2
Tenable Nessus
added 2023/05/17 12:0 a.m. · 19 views

EulerOS 2.0 SP10 : shim (EulerOS-SA-2023-1984)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an...

CVSS: 7.4 · AI score: 8 · EPSS: 0.88334
Exploits: 0 · References: 2
RedHat Linux
added 2023/05/16 8:56 a.m. · 1 view

kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error

A NULL pointer dereference vulnerability was found in the RXE Soft-RoCE RDMA driver in the Linux kernel. When rxe_queue_init fails during queue pair initialization in rxe_qp_init_req, the task function and argument pointers qp->req.task.func and qp->req.task.arg remain uninitialized. The cleanup functio...

AI score: 7.1 · EPSS: 0.00061
Exploits: 0 · References: 5
CNNVD
added 2023/05/12 12:0 a.m. · 2 views

Autodesk 3ds Max Buffer Error Vulnerability

Autodesk 3ds Max is a full-featured, three-dimensional computer graphics software from the American company Autodesk. A security vulnerability exists in Autodesk 3ds Max USD version 0.4, which originates from the possibility that an attacker could trick a user into opening a malicious USD file,...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.00062
Exploits: 0 · References: 2
OpenVAS
added 2023/05/10 12:0 a.m. · 25 views

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-1853)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.4 · AI score: 8.2 · EPSS: 0.88334
Exploits: 0 · References: 2
RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: RDMA/srpt: Fix a use-after-free

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free. Change the LIO port members inside struct srpt_port from regular members into pointers. Allocate the LIO port data structures from inside srpt_make_tport and free these from inside srpt_make_tport. Keep...

CVSS: 7.8 · AI score: 6.3 · EPSS: 0.00064
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY. Only set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered. Doing so guarantees that both ldev->pf[MLX5_LAG_P0].dev and ldev->pf[MLX5_LAG_P1].dev have valid pointers when...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00092
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: bpf: Fix combination of jit blinding and pointers to bpf subprogs.

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix combination of jit blinding and pointers to bpf subprogs. The combination of jit blinding and pointers to bpf subprogs causes: [36.989548] BUG: unable to handle page fault for address: 0000000100000001 [36.990342] PF:...

CVSS: 5.5 · AI score: 6.3 · EPSS: 0.00112
Exploits: 0 · References: 5