6911 matches found
Stack overflow
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110...
OSV-2022-932 Stack-buffer-overflow in ntlm_phase_3
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51653 Crash type: Stack-buffer-overflow WRITE 1 Crash state: ntlmphase3 establishhttpproxypassthru fuzzproxy.c...
EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2022-2388)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped function. This flaw allows an attacker to...
EulerOS Virtualization 2.9.1 : libtiff (EulerOS-SA-2022-2352)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped function. This flaw allows an attacker to...
CVE-2022-30426
CVE-2022-30426 describes a stack buffer overflow in the UEFI DXE driver affecting a wide range of Acer products (Altos T110 F3, AP130 F2, Aspire series, Veriton, etc.). Root cause: overflow in the DXE driver enabling arbitrary code execution and privilege escalation from ring 3 to ring 0 during U...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-4947)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation,...
PT-2022-7298 · Acer · Acer Veriton E430 +18
Name of the Vulnerable Software and Affected Versions: Acer Altos T110 F3 firmware version = P13 Acer AP130 F2 firmware version = P04 Acer Aspire 1600X firmware version = P11.A3L Acer Aspire 1602M firmware version = P11.A3L Acer Aspire 7600U firmware version = P11.A4 Acer Aspire MC605 firmware...
多款Acer产品缓冲区错误漏洞
Acer Aspire Series is a line of servers from Acer China. The security vulnerability in Acer products stems from the presence of a stack buffer overflow vulnerability, which could lead to the execution of arbitrary code in the UEFI DXE driver on certain Acer products. An attacker could elevate...
dbus-broker security update
28-5.1 - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yaml Resolves: CVE-2022-31212 Resolves: CVE-2022-31213...
CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
RLSA-2022:6608 Moderate: dbus-broker security update
dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features...
KLA19256 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...
Mozilla Firefox < 105.0
The version of Firefox installed on the remote Windows host is prior to 105.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-40 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...
Mozilla Firefox < 105.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 105.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-40 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing...
RHEL 9 : dbus-broker (RHSA-2022:6608)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6608 advisory. dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and...
CVE-2022-40152 Stack Buffer Overflow in Woodstox
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
CVE-2022-40151 Stack Buffer Overflow in xstream
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
CVE-2022-40151 Stack Buffer Overflow in xstream
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
CVE-2022-40150 Stack Buffer Overflow in Jettison
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...