Filtered by CWE-562
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-52482 1 Redhat 1 Enterprise Linux 2024-11-04 6.7 Medium
In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too.
CVE-2020-21686 1 Nasm 1 Netwide Assembler 2024-10-07 5.5 Medium
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
CVE-2022-41837 2 Debian, Openimageio 2 Debian Linux, Openimageio 2024-09-17 9.8 Critical
An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-23555 2 Redhat, Vm2 Project 2 Acm, Vm2 2024-09-16 9.8 Critical
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
CVE-2024-33045 1 Qualcomm 385 Ar8035, Ar8035 Firmware, Csra6620 and 382 more 2024-09-05 8.4 High
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
CVE-2021-21798 1 Gonitro 1 Nitro Pro 2024-08-03 7.8 High
An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.