166 matches found

CNNVD
added 2023/04/04 12:0 a.m. · 2 views

Nginx Security Vulnerability

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx, Inc. in the United States. njs is one of the scripting language components that supports extended NGINX functionality. A security vulnerability exists in Nginx NJS v.0feca92. An attacker can exploi...

CVSS 9.8 · AI score 8.8 · EPSS 0.01642
Exploits 1 · References 2
Positive Technologies
added 2023/03/01 12:0 a.m. · 1 views

PT-2023-19993 · Gnu · Gnu Libredwg

Name of the Vulnerable Software and Affected Versions: GNU LibreDWG version 0.12.5 Description: A heap-based buffer overflow issue exists via the bit_read_RC function at bits.c. Recommendations: For GNU LibreDWG version 0.12.5, consider disabling the bit_read_RC function as a temporary workaround...

CVSS 8.8 · AI score 8.8 · EPSS 0.00441
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 5:47 a.m. · 2 views

SUSE CVE-2012-2110

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have...

CVSS 7.5 · AI score 9.3 · EPSS 0.08744
Exploits 8 · References 23
SUSE CVE
added 2023/02/15 5:30 a.m. · 1 views

SUSE CVE-2014-1593

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content...

CVSS 6.8 · AI score 9.5 · EPSS 0.0211
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 5:10 a.m. · 1 views

SUSE CVE-2015-8789

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document...

CVSS 9.6 · AI score 9.5 · EPSS 0.00379
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 4:25 a.m. · 1 views

SUSE CVE-2018-13876

An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread...

CVSS 9.8 · AI score 9.6 · EPSS 0.00395
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 4:14 a.m. · 1 views

SUSE CVE-2019-9036

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle in mat5.c...

CVSS 7.5 · AI score 7.8 · EPSS 0.00209
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 4:11 a.m. · 1 views

SUSE CVE-2019-12217

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c...

CVSS 6.5 · AI score 8.8 · EPSS 0.00874
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 3:50 a.m. · 0 views

SUSE CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory...

CVSS 7.5 · AI score 7.4 · EPSS 0.00679
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:30 a.m. · 1 views

SUSE CVE-2022-4450

The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

CVSS 5.9 · AI score 7.4 · EPSS 0.00147
Exploits 0 · References 77
OSV
added 2023/01/03 3:15 a.m. · 1 views

CVE-2022-39040

aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

CVSS 7.5 · AI score 5.9
Exploits 0 · References 1
Positive Technologies
added 2022/08/22 12:0 a.m. · 1 views

PT-2022-7536 · Hdf5 +2 · Hdf5 +2

Name of the Vulnerable Software and Affected Versions: HDF5 versions 1.13.3 and earlier HDF5 versions 1.14.2 and earlier Description: The issue is related to a buffer overflow in the H5HG cache heap deserialize function of the HDF5 library, which can lead to a denial of service or potential code...

CVSS 7.4 · AI score 7.9 · EPSS 0.00086
Exploits 0 · References 13
OSV
added 2022/08/10 8:15 p.m. · 0 views

UBUNTU-CVE-2021-33646

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5 · AI score 6.9 · EPSS 0.00219
Exploits 0 · References 4
Positive Technologies
added 2022/08/09 12:0 a.m. · 0 views

PT-2022-10279 · Alt Linux +7 · Alt Linux +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the th_read function, which does not free the variable t->th_buf.gnu_longname after allocating memory. This may cause a memory...

CVSS 9.1 · AI score 7.6 · EPSS 0.00376
Exploits 0 · References 56
Positive Technologies
added 2022/08/09 12:0 a.m. · 1 views

PT-2022-10278 · Alt Linux +7 · Alt Linux +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the th_read function, which does not free a variable t->th_buf.gnu_longlink after allocating memory. This may cause a memory leak...

CVSS 9.1 · AI score 7.6 · EPSS 0.00376
Exploits 0 · References 57
OSV
added 2022/07/15 8:15 p.m. · 0 views

UBUNTU-CVE-2022-30634

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes...

CVSS 7.5 · AI score 7.1 · EPSS 0.00076
Exploits 1 · References 6
CNNVD
added 2022/01/01 12:0 a.m. · 1 views

GDAL Buffer Error Vulnerability

GDAL is an open source geospatial data abstraction library. A buffer error vulnerability exists in GDAL that stems from the product's PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment functions failing to correctly determine memory boundaries when calling...

CVSS 5.5 · AI score 6.7 · EPSS 0.003
Exploits 1 · References 15
OSV
added 2021/12/21 6:15 p.m. · 1 views

DEBIAN-CVE-2021-45292

The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command...

CVSS 5.5 · AI score 6.5 · EPSS 0.00288
Exploits 1 · References 1
Positive Technologies
added 2021/12/21 12:0 a.m. · 1 views

PT-2021-24226 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: The issue allows attackers to cause a denial of service due to an invalid memory address dereference. This can be achieved via a crafted file in the MP4Box command, specifically exploiting the gf_isom_hint_rtp...

CVSS 9.8 · AI score 7.2 · EPSS 0.01461
Exploits 98 · References 240
Veracode
added 2021/07/24 3:26 a.m. · 17 views

Information Disclosure

hdf5 is vulnerable to information disclosure. The vulnerability exists due to a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c...

CVSS 9.8 · AI score 1.7 · EPSS 0.00546
Exploits 1 · References 2 · Affected Software 1