A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441507; Issue ID: MSV-4112.
A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component.
A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. This patch verifies that the number of members in a received domain record does not exceed the limit defined by MAX_MON_DOMAIN, something that may otherwise lead to a stack overflow. tipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where we are reading a 32 bit message data length field into a uint16. To avert any risk of bit overflow, we add an extra sanity check for this in that function. We cannot see that happen with the current code, but future designers being unaware of this risk, may introduce it by allowing delivery of very large (> 64k) sk buffers from the bearer layer. This potential problem was identified by Eric Dumazet. This fixes CVE-2022-0435
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.
A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability was found in MicroDicom DICOM Viewer 2025.1 Build 3321. It has been classified as critical. Affected is an unknown function of the file mDicom.exe. The manipulation leads to memory corruption. The attack needs to be approached locally. It is recommended to upgrade the affected component. The vendor quickly confirmed the existence of the vulnerability and fixed it in the latest beta.
A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.
A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of the component Add New Record. The manipulation of the argument name/phonenumber leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is only possible with local access. The patch is identified as 338595edd1d235efd885fd5e9f45e7f9dcf4013d. It is best practice to apply a patch to resolve this issue.
A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue.
A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability.
A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.
A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in code-projects Simple Bus Reservation System 1.0. Affected is the function a::install of the component Install Bus. The manipulation of the argument bus leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in code-projects Simple Hospital Management System 1.0. Affected by this vulnerability is the function Add of the component Add Information. The manipulation of the argument x[i].name/x[i].disease leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in code-projects School Billing System 1.0. This vulnerability affects the function searchrec. The manipulation of the argument Name leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in SourceCodester Simple Hotel Booking System 1.0. This vulnerability affects the function Login. The manipulation of the argument uname leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 33e2271c431bf21de001e972f72da17a984da932. It is suggested to install a patch to address this issue.
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has no active maintainer at the moment.