
35 matches found

ICS
added 2024/10/10 6:0 a.m. | 26 views

Delta Electronics CNCSoft-G2

1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Heap-Based Buffer Overflow, Out-of-bounds Read, Use of Uninitialized Variable 2. RISK EVALUATION...

CVSS 8.4 | AI score 6.8 | EPSS 0.02003
Exploits: 0 | References: 10

Veracode
added 2024/10/06 7:11 p.m. | 7 views

Use Of Uninitialized Variable

github.com/golang-fips/openssl is vulnerable to Use of Uninitialized Variable. The vulnerability is due to improper handling of uninitialized buffer lengths in FIPS mode, which can result in zeroed buffers being returned. This flaw allows an attacker to force false positive hash matches, send...

CVSS 6.5 | AI score 6.7 | EPSS 0.0007
Exploits: 0 | References: 14 | Affected Software: 1

Tenable Nessus
added 2024/05/11 12:0 a.m. | 38 views

RHEL 9 : vim (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - vim: buffer overflow CVE-2020-20703 - vim: Heap based buffer overflow in findfile.c CVE-2021-3973 - vim i...

AI score 7.9 | EPSS 0.03907
Exploits: 32 | References: 32

NVD
added 2024/02/24 5:15 a.m. | 13 views

CVE-2024-21502

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

CVSS 7.5 | AI score 7.6 | EPSS 0.00148
Exploits: 1 | References: 4

Prion
added 2024/02/24 5:15 a.m. | 24 views

Null pointer dereference

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

CVSS 5 | AI score 7.2 | EPSS 0.00148
Exploits: 1 | References: 4

Cvelist
added 2024/02/24 5:0 a.m. | 12 views

CVE-2024-21502

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

CVSS 7.5 | AI score 7.7 | EPSS 0.00148
Exploits: 1 | References: 4

CVE
added 2024/02/24 5:0 a.m. | 128 views

CVE-2024-21502

CVE-2024-21502 affects the fastecdsa library prior to 2.3.2. The root cause is a Use of Uninitialized Variable on the stack in the curvemath_mul function (src/curveMath.c), where a value is interpreted as a user-defined type. Depending on the value, an attacker-controlled stack can cause arbitrar...

CVSS 7.5 | AI score 7.5 | EPSS 0.00148
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2023/11/07 12:0 a.m. | 27 views

Rocky Linux 8 : wavpack (RLSA-2020:1581)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1581 advisory. - The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion...

CVSS 6.5 | AI score 5.8 | EPSS 0.03433
Exploits: 5 | References: 13

Tenable Nessus
added 2023/03/21 12:0 a.m. | 24 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-098)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-098 advisory. 2024-02-15: CVE-2022-3591 was added to this advisory. 2024-02-15: CVE-2022-3520 was added to this advisory. A flaw was found in vim. A possible heap-based buffer overflow could allow an attacke...

CVSS 9.8 | AI score 6.7 | EPSS 0.0529
Exploits: 118 | References: 244

Tenable Nessus
added 2023/01/30 12:0 a.m. | 36 views

EulerOS Virtualization 3.0.2.2 : vim (EulerOS-SA-2023-1303)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3778, CVE-2021-3872, CVE-2021-3927, CVE-2021-3984, CVE-2021-4019,...

CVSS 8.8 | AI score 7.3 | EPSS 0.0158
Exploits: 50 | References: 51

Tenable Nessus
added 2023/01/06 12:0 a.m. | 39 views

EulerOS Virtualization 3.0.2.6 : vim (EulerOS-SA-2023-1053)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3778, CVE-2021-3872, CVE-2021-3927, CVE-2021-3984, CVE-2021-4019,...

CVSS 8.8 | AI score 7.2 | EPSS 0.00562
Exploits: 15 | References: 16

Tenable Nessus
added 2022/11/30 12:0 a.m. | 35 views

SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:4282-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4282-1 advisory. - vim is vulnerable to Use of Uninitialized Variable CVE-2021-3928 - NULL Pointer Dereference in GitHub...

CVSS 7.8 | AI score 5.5 | EPSS 0.00451
Exploits: 14 | References: 46

Tenable Nessus
added 2022/11/10 12:0 a.m. | 24 views

Debian dla-3182 : vim - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3182 advisory. Debian LTS Advisory DLA-3182-1...

CVSS 8.8 | AI score 7.3 | EPSS 0.01766
Exploits: 39 | References: 82

Tenable Nessus
added 2022/05/07 12:0 a.m. | 43 views

EulerOS Virtualization 3.0.2.0 : vim (EulerOS-SA-2022-1699)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3872, CVE-2021-3927, CVE-2021-3984, CVE-2021-4019, CVE-2022-0213 - vim is...

CVSS 8.4 | AI score 7.2 | EPSS 0.00562
Exploits: 12 | References: 13

Cvelist
added 2022/05/04 2:18 p.m. | 15 views

CVE-2022-28488

The function wavformatwrite in libwav.c in libwav through 2017-04-20 has a Use of Uninitialized Variable vulnerability...

AI score 7.8 | EPSS 0.00265
Exploits: 1 | References: 2

Tenable Nessus
added 2022/04/18 12:0 a.m. | 57 views

EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2022-1389)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3778, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927,...

CVSS 9.3 | AI score 7.1 | EPSS 0.00467
Exploits: 12 | References: 13

Tenable Nessus
added 2022/04/18 12:0 a.m. | 40 views

EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2022-1415)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3778, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927,...

CVSS 9.3 | AI score 7.1 | EPSS 0.00467
Exploits: 12 | References: 13

Tenable Nessus
added 2022/03/16 12:0 a.m. | 51 views

Debian DLA-2947-1 : vim - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2947 advisory. Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows, out-of-bounds reads and Null pointer dereferences may lead ...

CVSS 9.3 | AI score 7.3 | EPSS 0.01219
Exploits: 20 | References: 43

Tenable Nessus
added 2022/03/05 12:0 a.m. | 38 views

openSUSE 15 Security Update : vim (openSUSE-SU-2022:0736-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0736-1 advisory. - CVE-2022-0318: Fixed heap-based buffer overflow bsc1195004. - CVE-2021-3796: Fixed use-after-free in nvreplace in normal.c bsc1190570. -...

CVSS 9.8 | AI score 7.7 | EPSS 0.00562
Exploits: 13 | References: 41

Tenable Nessus
added 2022/03/05 12:0 a.m. | 32 views

SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2022:0736-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0736-1 advisory. - CVE-2022-0318: Fixed heap-based buffer overflow bsc1195004. - CVE-2021-3796: Fixed use-after-free in nvrepla...

CVSS 9.8 | AI score 7.7 | EPSS 0.00562
Exploits: 13 | References: 41