CVE-2025-3379

CVE-2025-3379 affects PCMan FTP Server 2.0.7, involving the EPSV Command Handler. The vulnerability is a buffer overflow in an unknown EPSV feature, exploitable remotely and publicly disclosed. Connected sources corroborate a remote-access impact and a need for mitigation. A practical remediation...

CVE-2025-3374

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public a...

CVE-2024-51138

CVE-2024-51138 affects DrayTek Vigor series (e.g., Vigor165/166, Vigor2620/LTE200, Vigor2860/2925, Vigor2862/2926, Vigor2133/2762/2832, Vigor2135/2765/2766, Vigor2865/2866/2927, Vigor2962, Vigor3912, Vigor3910). The vulnerability is a stack-based buffer overflow in the URL parsing of the TR069 ST...

EulerOS 2.0 SP12 : xorg-x11-server (EulerOS-SA-2025-1200)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigge...

CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

CVE-2025-24898

CVE-2025-24898 affects rust-openssl: ssl::select_next_proto can return a slice tied to the server buffer with a lifetime bound to the client, enabling a use-after-free if the server buffer’s lifetime is shorter. The Debian LTS advisory notes a fix in rust-openssl 0.10.29-1+deb11u1, addressing the...

rust-openssl ssl::select_next_proto use after free

Impact ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash o...

GHSA-RPMJ-RPGJ-QMPM rust-openssl ssl::select_next_proto use after free

Impact ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash o...

ssl::select_next_proto use after free

In openssl versions before 0.10.70, ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This coul...

PT-2025-5595

Name of the Vulnerable Software and Affected Versions rust-openssl versions prior to 0.10.70 Description The issue arises when ssl::select next proto returns a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. If the server buffer's lifetime is...

CVE-2024-9632 Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability

A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org serv...

PT-2023-6429 · Unknown +10 · Xorg-X11-Server +10

Name of the Vulnerable Software and Affected Versions: xorg-x11-server affected versions not specified Description: A flaw was found in the xorg-x11-server due to an incorrect calculation of a buffer offset when copying data stored in the heap. This issue affects the XIChangeDeviceProperty functi...

Debian dla-3438 : kamailio - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3438 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3438-1 [email protected] https://www.debian.org/lts/security/...

K31501591: QEMU vulnerability CVE-2017-15118

Security Advisory Description A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu...

CVE-2022-47908

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

SUSE: Security Advisory (SUSE-SU-2022:1677-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-42980

NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request...

CVE-2021-33535

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iwconsole coniowritestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can se...

CVE-2021-33535 WEIDMUELLER: WLAN devices affected by exploitable format string vulnerability

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iwconsole coniowritestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can se...