Fuji Electric Tellus Lite V-Simulator

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute...

Microsoft Office SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SK...

CVE-2022-44755

CVE-2022-44755 describes a stack-based buffer overflow in lasr.dll within Micro Focus KeyView used by HCL Notes/Lotus Notes. Root cause: overflow in lasr.dll leading to potential remote code execution or crash when handling a crafted Lotus Ami Pro file. Affected software is Lotus Notes/Notes prev...

CVE-2022-44753

CVE-2022-44753 affects HCL Notes (Lotus Notes) and is tied to a stack-based buffer overflow in wp6sr.dll within Micro Focus KeyView. The vulnerability could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. Public documents ...

Microsoft Excel SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

PT-2022-5855 · Microsoft · 365 Apps For Enterprise

Name of the Vulnerable Software and Affected Versions: Microsoft 365 Apps for Enterprise affected versions not specified Description: The issue is related to a stack-based buffer overflow in the Microsoft Office Graphics component. It can be exploited by an attacker using a specially crafted SKP...

Ubuntu 16.04 ESM : Vim vulnerabilities (USN-5775-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5775-1 advisory. It was discovered that Vim uses freed memory in recurisve substitution of specially crafted patterns. An attacker could possbly use this to crash Vim and...

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2810)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: jettison-json Jettison used by CICS Transaction Gateway is vulnerable to a denial of service

Summary jettison-json Jettison used by CICS Transaction Gateway is vulnerable to a denial of service, caused by a stack-based buffer overflow CVE-2022-40149 and an out of memory flaw CVE-2022-40150. CICS Transaction Gateway addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-40149...

EulerOS 2.0 SP8 : vim (EulerOS-SA-2022-2810)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-2125 - NULL Pointer Dereference in GitHub repository vim/vim prior t...

CVE-2022-43667

CX-Programmer vulnerability CVE-2022-43667 is a stack-based buffer overflow in Omron CX-Programmer (versions 9.77 and earlier). The issue can lead to information disclosure and/or arbitrary code execution when a user opens a specially crafted CXP file. Documented impact is confined to local attac...

Security Bulletin: IBM Content Navigator eFormPlugin is vulnerable to a denial of service attack (CVE-2022-40159, CVE-2022-40160)

Summary IBM Content Navigator eFormPlugin is vulnerable to a DoS attack. IBM Content Navigator has addressed the vulnerability as described below. CVE-2022-40159, CVE-2022-40160. Vulnerability Details CVEID: CVE-2022-40159 DESCRIPTION: JXPath is vulnerable to a denial of service, caused by a...

Medium: curl

Issue Overview: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set if it previously used the same handle to issue a PUT...

CVE-2022-35260

curl can be told to parse a .netrc file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause ...

CVE-2022-35260

curl can be told to parse a .netrc file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause ...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to CVE-2022-25308

Summary GNU FriBidi is used by IBM App Connect Enterprise Certified Container for handling unicode. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution and denial of service. This bulletin provides pat...

SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:4282-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4282-1 advisory. - vim is vulnerable to Use of Uninitialized Variable CVE-2021-3928 - NULL Pointer Dereference in GitHub...

Debian: Security Advisory (DLA-3205-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 9 : fribidi (ELSA-2022-8011)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8011 advisory. 1.0.10-6.el9.2 - Security fixes for CVE-2022-25308, CVE-2022-25309, CVE-2022-25310 Resolves: rhbz2050086, rhbz2050069, rhbz2050063 Tenable has extracte...

CVE-2022-34667

NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which m...