33 matches found
CVE-2021-3578
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote co...
Remote code execution
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote co...
CVE-2021-3578
CVE-2021-3578 affects isync/mbsync before versions 1.3.6 and 1.4.2. The root cause is an unchecked pointer cast that lets a malicious or compromised IMAP server write an arbitrary integer past the end of a heap-allocated structure via an unexpected APPENDUID response, potentially enabling remote ...
CVE-2021-3578
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote co...
PT-2021-21062 · Mbsync +2 · Mbsync +2
Name of the Vulnerable Software and Affected Versions: mbsync versions prior to 1.3.6 mbsync versions prior to 1.4.2 Description: A flaw was found in mbsync where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocate...
Design/Logic Flaw
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF Configuration Group File file i...
The vulnerability of Intel Graphics Driver drivers lies in the lack of checking for the value of the pointer before its assignment, which allows a malicious actor to trigger a service failure.
The vulnerability of Intel Graphics Driver drivers is related to the lack of checking for the value of the pointer before it is reassigned. Exploiting this vulnerability can allow an attacker to cause a service failure...
Google Asylo Buffer Error Vulnerability
Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in Asylo up to 0.6.0, which allows an...
The numerous vulnerabilities of the Webvrpcs software, a remote monitoring solution from Advantech, allow a intruder to execute arbitrary code.
The multiple vulnerabilities of the Webvrpcs software for remote monitoring from Advantech WebAccess are related to the lack of checking for the value of the pointer before it is assigned. Exploiting these vulnerabilities could allow a malicious actor to execute arbitrary code remotely...
PT-2019-1108 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.19.13 Description: A local attacker can exploit an issue in the i915 gem execbuffer2 ioctl function where a provided address with access ok is not checked, allowing for a malicious IOCTL function call to...
Null pointer dereference
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash NULL pointer dereference the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers...
Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord Memory Corruption Vulnerability(CVE-2016-3591)
Description Partially controlled memory write vulnerability exists in Mac Works Database file format parsing code of Oracle Outside In Technology Content Access SDK. An unchecked pointer arithmetic causes an out of bounds memory write which can lead to denial of service or possibly code execution...
gaim -- MSN remote DoS vulnerability
The GAIM team reports: Potential remote denial of service bug resulting from not checking a pointer for non-NULL before passing it to strncmp, which results in a crash. This can be triggered by a remote client sending an SLP message with an empty body...