Versionize 缓冲区错误漏洞

Versionize is a framework for version-tolerant serialization/deserialization of Rust data structures, designed for use cases that require fast deserialization times and minimal size overhead. Versionize suffers from a buffer error vulnerability that stems from an out-of-bounds memory access issue...

PortexAnalyzerGUI - Graphical Interface For PortEx, A Portable Executable And Malware Analysis Library

Graphical interface for PortEx, a Portable Executable and Malware Analysis Library Download Releases page Features Header information from: MSDOS Header, Rich Header, COFF File Header, Optional Header, Section Table PE Structures: Import Section, Resource Section, Export Section, Debug Section...

CVE-2022-42332

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging HAP is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as...

[SECURITY] Fedora 36 Update: redis-6.2.11-1.fc36

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVE-2023-0622 CVE-2023-0622

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project i.e. HMI files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these...

K15504: OpenSSH vulnerability CVE-2014-1692

Security Advisory Description The hashbuffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service memory corruption or have unspecifie...

The vulnerability of the PHP framework Yii, related to the restoration of unreliable data structures in memory, allows attackers to execute arbitrary code.

The vulnerability of the PHP framework Yii is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

SUSE CVE-2006-5757

Race condition in the findgetblockslow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service infinite loop by mounting a crafted ISO9660 filesystem containing malformed data structures...

SUSE CVE-2010-0969

Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

SUSE CVE-2010-2942

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors relate...

SUSE CVE-2010-3848

Stack-based buffer overflow in the econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures...

SUSE CVE-2010-3876

net/packet/afpacket.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAPNETRAW capability to read copies of the applicable structures...

SUSE CVE-2011-1082

fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for 1 closed loops or 2 deep chains, which allows local users to cause a denial of service deadlock or stack memory consumption via a crafted application tha...

SUSE CVE-2012-6546

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

SUSE CVE-2013-2634

net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

SUSE CVE-2013-2636

net/bridge/brmdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application...

SUSE CVE-2014-1692

The hashbuffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service memory corruption or have unspecified other impact via vectors tha...

SUSE CVE-2014-7934

Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...

SUSE CVE-2015-0287

The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid write operation and memory...

SUSE CVE-2015-4556

The string-translate procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service crash...