2395 matches found
CVE-2022-31782
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...
UBUNTU-CVE-2022-31782
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...
FreeType Buffer Error Vulnerability
FreeType is an open source font rendering library written in the C language. A security vulnerability exists in ftbench.c in FreeType Demo Programs version 2.12.1 and earlier versions, which can be exploited by an attacker to cause a heap-based buffer overflow...
Remote code execution
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...
CVE-2022-30190
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...
CVE-2022-31782
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...
CVE-2022-31782
CVE-2022-31782 affects ftbench.c in FreeType Demo Programs up to version 2.12.1, causing a heap-based buffer overflow. The connected advisories enumerate this CVE in EulerOS/Astra Linux contexts, but no exploit details or patch/version information is provided in the documents.
CVE-2022-31782
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow...
The Verizon 2022 DBIR
The Verizon 2022 Data Breach Investigations Report is out. We are proud to collaborate as a supporting contributor to this year's data efforts once again and to have contributed for the past 8 years. The report provides interesting analysis of a full amount of global incident data. Several things...
GO-2022-0166 Denial of service due to unchecked parameters in crypto/dsa
The Verify function in crypto/dsa passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go...
PT-2022-4400 · Unknown +4 · Freetype Demo Programs +4
Name of the Vulnerable Software and Affected Versions: FreeType Demo Programs versions 2.12.1 and earlier Description: The issue is related to a heap-based buffer overflow in the ftbench.c file of FreeType Demo Programs. This overflow occurs during font processing and can be exploited to execute...
Get to Know Patrick Flynn
Meet Patrick Flynn Head of Advanced Programs Group at Trellix Threat Labs By Trellix · May 24, 2022 This blog was written by Michael Alicea At Trellix, we celebrate and champion our people. This week, I sat down with Pat Flynn, Head of Advanced Programs Group for Trellix Threat Labs. His job is a...
Utilizing the Adaptive Defense Model Against Information Stealers
Trellix Global Defenders: Utilizing the Adaptive Defense Model Against Information Stealers By Taylor Mullins · May 23, 2022 Trellix is continuing to observe the continued growth in usage and general availability of Information Stealers that have the functionality to collect passwords, cookies,...
Solana Rbpf Input Validation Error Vulnerability
Solana Rbpf is a Rust virtual machine and JIT compiler for eBPF programs from the Solana Foundation in Switzerland. A security vulnerability exists in Solana Rbpf versions prior to 0.2.29, which stems from an integer overflow problem. An attacker can exploit this vulnerability to cause a program ...
Get to Know Steve Povolny
Meet Steve Povolny Head of Advanced Threat Research for Trellix Threat Labs By Michael Alicea · May 17, 2022 At Trellix, we celebrate and champion our people. This week, I sat down with Steve Povolny, Head of Advanced Threat Research for Trellix Threat Labs. As he is one of the leading...
B&R Automation Runtime Security Vulnerability
B&R Automation Runtime is a major component of AS from B&R Automation, an Austrian company. A security vulnerability exists in B&R Automation Runtime versions prior to 4.91 that stems from improper buffer limits in the web server. Exploitation of the vulnerability by an unauthenticated attacker...
PT-2025-8485
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel has been identified, related to the combination of JIT blinding and pointers to BPF subprogs. This issue causes a page fault when the kernel attempts to access ...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2022-016)
The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2022-016 advisory. containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug wa...
[SECURITY] Fedora 36 Update: golang-x-debug-0-0.13.20210123gitc934e1b.fc36
This repository holds utilities and libraries for debugging Go programs...
Yokogawa CENTUM and ProSafe-RS
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: CENTUM and ProSafe-RS Vulnerabilities: OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, Resource Management Errors 2. RISK...