15 matches found
DEBIAN-CVE-2025-64333
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions...
CVE-2025-64333 Suricata is vulnerable to a stack overflow from big content-type
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions...
EUVD-2014-3509
Malware in sbrugna...
How to Enable Special Pool Tagging for a Driver
If the stack of a process is overrun by another process, analysis of the dump is not possible because the crash occurs when the original process writes to the kernel space which is already occupied by the other, misbehaving component. Enabling Special Pool Tagging causes the driver to crash as so...
K15571: OpenSSL vulnerability CVE-2014-3508
Security Advisory Description Description The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to...
CVE-2022-1669
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary index.cgi to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Addres...
CVE-2018-17901
LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process...
Important kernel security update: CVE-2017-1000364; new kernel 2.6.18-028stab122.3 for Virtuozzo Containers for Linux 4.6
This update provides a new Virtuozzo Containers for Linux 4.6 kernel 2.6.18-028stab122.3 based on the Red Hat Enterprise Linux 5 kernel 2.6.18-419.el5. The new kernel introduces a security fix. Vulnerability id: CVE-2017-1000364 A flaw was found in the way memory was being allocated on the stack...
CentOS Update for kernel CESA-2017:1484 centos7
Check the version of kernel SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882738";...
Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-3335-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3335-1 advisory. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker...
Information Disclosure
OpenSSL is vulnerable to information disclosure. When pretty printing through the OBJobj2txt function in crypto/objects/objdat.c is it possible for attackers to read from the process stack memory. This is caused because OpenSSL does not ensure the presence of \0 characters...
shopify-scripts: Certain inputs cause tight C-level recursion leading to process stack overflow
Introduction ============ Certain legal Ruby programs can cause a tight recursion on the C-level without using eval while spending very little of the Ruby-level stack. This precludes triggering a Ruby stack overflow exception and eventually leads to a process stack overflow and a segfault. Both...
CVE-2014-3508
The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...
CVE-2014-3508
The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process...
OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.0n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0n advisory. - The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i...