CWE-823

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a seque…

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (A…

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application ca…

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_le…

A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is d…

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd2…

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

libmobi is vulnerable to Use of Out-of-range Pointer Offset

libmobi is vulnerable to Use of Out-of-range Pointer Offset

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can p…

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in modem due to use of out of range pointer offset while processing qmi msg

Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service co…

Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclos…

A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability.

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets …

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets …

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload…

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

Memory corruption in Modem while processing security related configuration before AS Security Exchange.

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

Memory corruption in Audio while running invalid audio recording from ADSP.

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session inde…

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

Memory corruption when malformed message payload is received from firmware.

Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Ce…

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broke…

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.