CVE-2022-38668

CVE-2022-38668 affects HTTP applications based on Crow through 1.0+4, where serving a static file smaller than 16 KB may disclose potentially sensitive data from stack memory. The Red Hat and CVE aggregations mirror this description; no concrete exploit details or affected product versions beyond...

PT-2022-4664 · Crow · Crow

Name of the Vulnerable Software and Affected Versions: Crow versions through 1.0+4 Description: The issue is related to HTTP applications based on Crow, which may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. This...

CVE-2022-2652

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request reproduce e.g. with many %s modifiers in a row...

Format string

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request reproduce e.g. with many %s modifiers in a row...

Design/Logic Flaw

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version...

Use of Uninitialized Variable in trilogy

Impact When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Patches Users of the trilogy gem should upgrade to version 2.1.1 Workarounds This iss...

GHSA-5G4R-2QHX-VQFM Use of Uninitialized Variable in trilogy

Impact When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Patches Users of the trilogy gem should upgrade to version 2.1.1 Workarounds This iss...

CVE-2022-31026 Use of Uninitialized Variable in trilogy

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version...

Use of Uninitialized Variable in trilogy

Impact When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Patches Users of the trilogy gem should upgrade to version 2.1.1 Workarounds This iss...

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

ESXi 5.5 < Build 5230635 Multiple Vulnerabilities (VMSA-2017-0006) (remote check) (PCI-DSS check)

The version of the remote VMware ESXi 5.5 host is prior to build 5230635. It is, therefore, affected by multiple vulnerabilities: - VMware ESXi 5.5 without patch ESXi550-201703401-SG has a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. CVE-2017-4902 - VMwa...

CVE-2022-25819

OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory...

CVE-2022-25819

OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory...

Stack overflow

OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory...

Samsung hdcp2缓冲区错误漏洞

Samsung hdcp2 is a system from Samsung South Korea that protects output DVD content from copying via HDMI. A security vulnerability exists in Samsung hdcp2 that allows an attacker to view kernel stack memory...

CVE-2022-25819

CVE-2022-25819 is an OOB read vulnerability in the hdcp2 device node prior to Samsung SMR Mar-2022 Release 1, allowing an attacker to view kernel stack memory. Affected component: hdcp2 device node; root cause: out-of-bounds read. Impact: potential kernel memory exposure. Remediation: Samsung pro...

CVE-2022-25819

OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory...

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psafwuwrite caller from SPE or NSPE can overwrite stack memory locations...

Buffer overflow

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psafwuwrite caller from SPE or NSPE can overwrite stack memory locations...

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psafwuwrite caller from SPE or NSPE can overwrite stack memory locations...