1683 matches found
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
Mozilla Firefox < 85.0
The version of Firefox installed on the remote Windows host is prior to 85.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-03 advisory. - Mozilla developers Sebastian Hengst, Christian Holler, Tyson Smith reported memory safety bugs present in Firefox 84...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability previously existed in Mozilla Firefox version 85.0. The vulnerability stems from the fact that performing garbage collection on a redeclared JavaScript variable can lead to...
UBUNTU-CVE-2021-23960
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability...
Basecamp: Information Disclosure of Garbage Collection Cycle 'Again'
A diagnostic subdomain was still available publicly after being reported https://hackerone.com/reports/981796 and remediation. Subsequently a researcher was able to access the subdomain. Disclosure has been limited as the report contains low sensitive information, but sensitive none the less...
xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability...
Fedora 32 : prosody (2020-a48bf86c27)
Prosody 0.11.7 ============== This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled modwebsocket. As well as upgrading, we recommend all public deployments to review and configure...
PYSEC-2020-220
A flaw was found in Ansible Base when using the awsssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality...
PYSEC-2020-220
A flaw was found in Ansible Base when using the awsssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality...
UBUNTU-CVE-2020-25635
A flaw was found in Ansible Base when using the awsssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality...
[SECURITY] Fedora 33 Update: lua-5.4.0-7.fc33
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection leading to a heap-based buffer overflow heap-based buffer over-read or use-after-free.
...
[SECURITY] Fedora 32 Update: lua-5.3.5-8.fc32
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
PT-2020-15713 · Lua +1 · Lua +1
Name of the Vulnerable Software and Affected Versions: Lua version 5.4.0 Description: The issue is related to the interaction between barriers and the sweep phase in the lgc.c component of Lua, leading to a memory access violation involving collectgarbage. Recommendations: For Lua version 5.4.0, ...
DEBIAN-CVE-2020-15888
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free...
CVE-2020-15888
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free...
AZL-6670 CVE-2020-15888 affecting package lua for versions less than 5.3.5-11
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free...
CVE-2020-15888
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free...
Heap overflow
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free...