OSV-2021-870 Stack-use-after-return in v9fs_co_lgetxattr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35290 Crash type: Stack-use-after-return READ 8 Crash state: v9fscolgetxattr v9fsxattrwalk coroutinetrampoline...

SUSE: Security Advisory (SUSE-SU-2017:2792-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Siemens Nucleus Products IPv6 Stack Denial of Service Vulnerability

The Nucleus NET module includes a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device.Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for...

CVE-2021-1729

Windows Update Stack Setup Elevation of Privilege Vulnerability...

Xpdf 缓冲区错误漏洞

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A stack consumption vulnerability exists in the FoFiType1C::getOp function in Xpdf 4.02. The vulnerability stems from a failure to correctly reference a subroutine in a Type 1C font...

Contiki Denial of Service and Remote Code Execution Vulnerabilities

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. A denial of service and remote code execution vulnerability exists in the IPv6 stack in Contiki 3.0 and earlier versions. The vulnerability stems from inconsistent checking of the...

CVE-2020-13987

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upperlayerchksum in net/ipv4/uip.c...

Contiki-NG 输入验证错误漏洞

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. An infinite loop vulnerability exists in the processing of IPv6 extended headers in exthdroptionsprocess in net/ipv6/uip6.c in the uIP TCP/IP stack component in Contiki 3.0 and...

Treck TCP/IP Stack Input Validation Error Vulnerability

Treck TCP/IP is a suite of TCP Transmission Control Protocol/IP Internet Interconnection Protocol from Treck, Inc. dedicated to embedded systems. An input validation error vulnerability exists in the Treck TCP/IP stack. The vulnerability originates from a network system or product that does not...

DEBIAN-CVE-2019-15691

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack...

CVE-2019-10269

BWA aka Burrow-Wheeler Aligner before 2019-01-23 has a stack-based buffer overflow in the bnsrestore function in bntseq.c via a long sequence name in a .alt file...

CVE-2018-20679

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components consumed by the DHCP server, client, and relay allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcpgetoption in...

CVE-2018-6922

creationtimestamp| type| source ---|---|--- 2018-12-31 08:32:57+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/tcp-pinojen-haavoittuvuus...

CVE-2018-19974

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack not the YARA virtual stack...

DEBIAN-CVE-2018-18700

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions dname, dencoding, and dlocalname in cp-demangle.c. Remote attackers could leverage this vulnerability to...

DEBIAN-CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

UBUNTU-CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

oniguruma: Out-of-bounds stack read in match_at() during regular expression searching

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in matchat during regular expression searching. A logical error involving order of validation and access in matchat could result in an...

SUSE-SU-2017:2780-1 Security update for Linux Kernel Live Patch 21 for SLE 12

This update for the Linux Kernel 3.12.61-5272 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial o...

SUSE-SU-2017:2769-1 Security update for Linux Kernel Live Patch 20 for SLE 12

This update for the Linux Kernel 3.12.61-5269 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial o...