160 matches found
Tecnomatix Plant Simulation 缓冲区错误漏洞
Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, and integrated modeling and simulation tool. An out-of-bounds write vulnerability exists in Siemens Tecnomatix Plant Simulation due to an affected application parsing specially crafted SPP files that contain out-of-bounds write...
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...
Security Bulletin: Code injection vulnerability affect IBM Business Automation Workflow (CVE-2022-42920)
Summary IBM Business Automation Workflow packages Apache Commons BCEL. A code injection vulnerability affecting BCEL was reported. CVE-2022-42920 Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an...
Fuji Electric V-Server 缓冲区错误漏洞
Fuji Electric V-Server is a software package for collecting and managing real-time field data. An out-of-bounds write vulnerability exists in Fuji Electric V-Server, which can be exploited by an attacker to obtain information and execute arbitrary code by allowing a user to open a specially craft...
CVE-2022-31610
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer nvlddmkm.sys, where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tamperi...
e2fsprogs: out-of-bounds read/write via crafted filesystem
An out-of-bounds read/write vulnerability was found in e2fsprogs. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem...
Design/Logic Flaw
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrativ...
CVE-2022-3577
CVE-2022-3577 is an out-of-bounds memory write flaw in the Linux kernel HID driver for Kid-friendly Wired Controller (bigben) in bigben_probe (drivers/hid/hid-bigbenff.c). A malicious or defunct bigben device could trigger an out-of-bounds write, potentially crashing the system or allowing local ...
CVE-2022-0934
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service...
AZL-37012 CVE-2022-32742 affecting package samba for versions less than 4.18.3-1
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9479)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9479 advisory. - perf: Fix sysperfeventopen race against self Peter Zijlstra Orabug: 34211086 CVE-2022-1729 - debug: Lock down kgdb Stephen Brennan Orabug: 342110...
CVE-2022-1943
A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udfwritefi. A local user could use this flaw to crash the system or potentially...
kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to...
PT-2022-2627 · Adobe · Indesign
Name of the Vulnerable Software and Affected Versions: Adobe InDesign versions 17.1 and earlier Adobe InDesign versions 16.4.1 and earlier Description: The issue is related to an out-of-bounds write vulnerability in Adobe InDesign that could result in arbitrary code execution in the context of th...
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user having access to the NFS mount could potentially use this flaw to crash the system or escalate privileges on the system.
...
Design/Logic Flaw
An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...
CVE-2022-0995
An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...
CVE-2021-4197
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...
CVE-2022-0516
A vulnerability was found in kvms390guestsidaop in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4...
Important: kernel
Issue Overview: AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on AMD instances 5a. This is done by default, and no administrator action is...