1658 matches found

OpenVAS
added 2022/07/07 12:0 a.m. | 24 views

SUSE: Security Advisory (SUSE-SU-2022:2292-1)

The remote host is missing an update for the...

8.8 CVSS | 7.6 AI score | 0.1024 EPSS
Exploits 5 | References 2

OSV
added 2022/07/06 11:5 a.m. | 6 views

SUSE-SU-2022:2292-1 Security update for php7

This update for php7 fixes the following issues:
- CVE-2021-21707: Fixed a special character breaks path in xml parsing (bsc#1193041).
- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension (bsc#1200645).
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when using...

8.8 CVSS | 7.5 AI score | 0.1024 EPSS
Exploits 5 | References 7

OpenVAS
added 2022/07/06 12:0 a.m. | 28 views

SUSE: Security Advisory (SUSE-SU-2022:2275-1)

The remote host is missing an update for the...

8.8 CVSS | 9.4 AI score | 0.1024 EPSS
Exploits 3 | References 5

OSV
added 2022/07/05 3:34 p.m. | 7 views

SUSE-SU-2022:2275-1 Security update for php7

This update for php7 fixes the following issues:
- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension (bsc#1200645).
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver (bsc#1200628)...

8.8 CVSS | 8.9 AI score | 0.1024 EPSS
Exploits 3 | References 5

Xen Project
added 2022/07/05 12:0 p.m. | 75 views

network backend may cause Linux netfront to use freed SKBs

ISSUE DESCRIPTION: While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.
IMPACT: A misbehaving or malicious backend may cause a Denial of Service (DoS) in the guest...

7.8 CVSS | 7.7 AI score | 0.00109 EPSS
Exploits 0

CNNVD
added 2022/06/24 12:0 a.m. | 1 views

CODESYS Buffer Error Vulnerability

CODESYS is a controller development system from 3S-Smart Software Solutions, Germany. A security vulnerability exists in several CODESYS products, which can be exploited by a low-privileged remote attacker to craft a request that results in read access to uninitialized pointers, leading to a deni...

6.5 CVSS | 6.9 AI score | 0.00306 EPSS
Exploits 0 | References 2

OpenVAS
added 2022/06/24 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2022:2161-1)

The remote host is missing an update for the...

8.8 CVSS | 8.8 AI score | 0.1024 EPSS
Exploits 3 | References 2

OSV
added 2022/06/23 8:15 a.m. | 7 views

SUSE-SU-2022:2161-1 Security update for php74

This update for php74 fixes the following issues:
- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension (bsc#1200645).
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver (bsc#1200628)...

8.8 CVSS | 8.9 AI score | 0.1024 EPSS
Exploits 3 | References 5

Github Security Blog
added 2022/06/16 11:24 p.m. | 14 views

abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a repr(Rust) type is...

6.5 AI score
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/06/13 3:15 p.m. | 3 views

CVE-2022-31759

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability...

5.5 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 2

NVD
added 2022/06/13 3:15 p.m. | 12 views

CVE-2022-31759

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability...

5.5 CVSS | 0.00021 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2022/06/13 3:15 p.m. | 1 views

CVE-2022-31759

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability...

5.5 CVSS | 5.3 AI score | 0.00021 EPSS
Exploits 0 | References 3 | Affected Software 3

Prion
added 2022/06/13 3:15 p.m. | 15 views

Design/Logic Flaw

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability...

2.1 CVSS | 5.5 AI score | 0.00021 EPSS
Exploits 0 | References 2 | Affected Software 3

CVE
added 2022/06/13 2:56 p.m. | 59 views

CVE-2022-31759

CVE-2022-31759 concerns AppLink with a vulnerability in which an access to uninitialized pointers can be exploited, potentially impacting system availability. The available sources repeatedly cite this as a vulnerability in AppLink, with impact described as reduced availability. The CVSS details ...

5.5 CVSS | 5.5 AI score | 0.00021 EPSS
Exploits 0 | References 2 | Affected Software 3

Cvelist
added 2022/06/13 2:56 p.m. | 16 views

CVE-2022-31759

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability...

5.8 AI score | 0.00021 EPSS
Exploits 0 | References 2

UbuntuCve
added 2022/06/13 12:0 a.m. | 35 views

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

8.1 CVSS | 7.1 AI score | 0.01479 EPSS
Exploits 1 | References 4

CNVD
added 2022/06/09 12:0 a.m. | 20 views

Unicorn Engine Denial of Service Vulnerability

Unicorn Engine is a lightweight, multi-platform, multi-architecture CPU simulator framework based on QEMU. Unicorn Engine v2.0.0-rc7 and earlier versions have a denial of service vulnerability that stems from qemu_ram_free dereferencing null pointers. An attacker could exploit this...

5 CVSS | 4.2 AI score | 0.00756 EPSS
Exploits 1

ATTACKERKB
added 2022/06/06 7:0 a.m. | 6 views

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

8.1 CVSS | 8.7 AI score | 0.01479 EPSS
Exploits 1 | References 10 | Affected Software 1

Veracode
added 2022/06/01 7:9 a.m. | 78 views

XML External Entity (XXE)

xmlbeans is vulnerable to XML External Entity attacks. The vulnerability exists due to the lack of sanitization of XML input containing a reference to an external entity which is processed by a weakly configured XML parser allowing an attacker to exhaust the system resource via recursive external...

9.1 CVSS | 8.6 AI score | 0.00444 EPSS
Exploits 0 | References 12 | Affected Software 1

CNVD
added 2022/04/19 12:0 a.m. | 11 views

FIS GT.M Denial of Service Vulnerability (CNVD-2022-32800)

FIS GT.M is a database platform. A security vulnerability exists in FIS GT.M versions prior to V7.0-000, which stems from a lack of parameter validation when calling memcpy in strtok in srunix/ztimeoutroutines.c. The vulnerability can be exploited to attempt to read a null pointer. An attacker ca...

7.5 CVSS | 6.5 AI score | 0.00368 EPSS
Exploits 0 | References 1