CVE-2023-50434

emdnsresolveraw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system...

CVE-2023-50434

CVE-2023-50434 affects emdns: emdns_resolve_raw in emdns.c may call strlen on non-terminated input, causing a stack-based buffer over-read. Exploitation is possible over the network via DNS requests to the emdns server; impact varies by libraries, compiler, and architecture. Code before be565c3 i...

CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device...

CVE-2023-6357

CVE-2023-6357 is described as an OS command injection affecting multiple CODESYS Control products. Affected component is the SysFile/CAA-File system libraries; the root cause is command injection via these libraries. Reported impact is attacker gaining full control of the device; attack vector re...

CVE-2023-6357 OS Command Injection in multiple CODESYS products

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device...

PT-2023-32625 · Codesys · Codesys Control For Beaglebone +19

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A low-privileged remote attacker could exploit the issue and inject additional system commands via file system libraries, potentially giving the attacke...

Mozilla Firefox Elevation of Privilege Vulnerability (CNVD-2023-17318)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An elevation of privilege vulnerability exists in versions of Mozilla Firefox prior to 96.0. An attacker could exploit this vulnerability to elevate privileges by making the program search for system libraries i...

CVE-2022-22736

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.This bug only affects Firefox for Windows in a non-default installation...

sudo -- Potential out-of-bounds write for small passwords

CVE.org reports: Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven...

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

Heap overflow

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

ASB-A-220741611

In multiple functions of ioviter.c, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege in system libraries with no additional execution privileges needed. User interaction is not needed for exploitation...

UBUNTU-CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...

Qt 路径遍历漏洞

Qt is a cross-platform C application development framework from the Norwegian company Qt. It is widely used for developing GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers.Qt versions prior to...

Mozilla Firefox 代码问题漏洞

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An elevation of privilege vulnerability exists in versions of Mozilla Firefox prior to 96.0. An attacker could exploit this vulnerability to elevate privileges by making the program search for system libraries i...

CVE-2022-22822

addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

The vulnerability of the McAfee Agent antivirus software, related to deficiencies in the mechanism for calling system libraries, allows an attacker to execute a preliminary loading attack of DLLs.

The vulnerability of the McAfee Agent antivirus software is related to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows an attacker to execute a preloading attack involving DLLs...

Moderate: file security update

The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format ELF binary files, system libraries, RPM packages, and different graphics formats. Security Fixes: file:...