Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error.
In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem.
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.
FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component.
Memory corruption when the bandpass filter order received from AHAL is not within the expected range.
Memory corruption while processing the IOCTL FM HCI WRITE request.
Memory corruption while querying module parameters from Listen Sound model client in kernel from user space.
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function.
Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.
Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto
Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables
Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard.
Memory corruption while processing packet data with exceedingly large packet.
An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Memory corruption while processing manipulated payload in video firmware.
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
Memory corruption while processing data packets in diag received from Unix clients.
Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.
Memory corruption while processing message content in eAVB.
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Memory Corruption in Audio while invoking callback function in driver from ADSP.
Memory corruption in Audio while processing IIR config data from AFE calibration block.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
Memory corruption while invoking callback function of AFE from ADSP.
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Memory corruption in wearables while processing data from AON.
Memory corruption while sending SMS from AP firmware.
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
Memory corruption while processing finish_sign command to pass a rsp buffer.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of the component Add New Record. The manipulation of the argument name/phonenumber leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
Memory corruption in Core while processing RX intent request.
Memory corruption in Core while processing control functions.
Memory corruption in HLOS while running playready use-case.
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer at position after the end of the buffer because it does not subtract InodeType size from the length. Fix this problem and correctly subtract variable len. Member InodeType is present only when reparse buffer is large enough. Check for ReparseDataLength before accessing InodeType to prevent another invalid memory access. Major and minor rdev values are present also only when reparse buffer is large enough. Check for reparse buffer size before calling reparse_mkdev().
Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.