Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2022-28480: ALLMediaServer 1.6 Remote Buffer Overflow ≈ Packet Storm

ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe.

CVE
Open in Source
#vulnerability#windows#buffer_overflow
CVE-2021-4206: QEMU QXL Integer overflow leads to Heap Overflow

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

CVE-2021-4207: QEMU QXL Integer overflow leads to Heap Overflow

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

CVE-2022-28994: Small HTTP Server 3.06 Remote Buffer Overflow ≈ Packet Storm

Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.

CVE-2022-1533: Buffer Over-read in libmobi

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution.

CVE-2022-1484: Chromium: CVE-2022-1484 Heap buffer overflow in Web UI Settings

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1483: Chromium: CVE-2022-1483 Heap buffer overflow in WebGPU

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-29869: mount.cifs: two bug fixes by ddiss · Pull Request #7 · piastry/cifs-utils

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

CVE-2022-28197: Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

CVE-2022-28193: Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.