1683 matches found
CVE-2020-15888
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free...
PT-2020-14689 · Lua · Lua
Name of the Vulnerable Software and Affected Versions: Lua versions prior to 5.4.0
Description: The issue is related to how Lua handles the interaction between stack resizes and garbage collection, leading to potential heap-based buffer overflow, heap-based buffer over-read, or use-after-free...
CVE-2020-14163
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in...
Input validation
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in...
CVE-2020-14163
Removed by vendor...
Microsoft Internet Explorer JScript Garbage Collection Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2020-1572)
According to the version of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with...
Denial Of Service (DoS)
The kernel is vulnerable to denial of service (DoS). The vulnerability exists because the sendmsg function in the Linux kernel did not block during UNIX socket garbage collection. This could potentially lead to a local denial of service...
File to tape job significantly slows down due to garbage collection operations
Challenge: A file to tape job significantly slows down after some time of processing. The source disks and the Veeam database are under a low load, CPU is not overloaded either. Available RAM on the Veeam server is around 10% or lower.
Cause: When available RAM on the Veeam server reaches a certain...
JDK: Unrestricted access to diagnostic operations
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file is permitted without any privilege checks...
BSA-2019-888
Security Advisory ID: BSA-2019-888
Component: Eclipse OpenJ9
Revision: 1.0: Final
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file is permitted without any privilege checks...
Denial Of Service (DoS)
tidb is vulnerable to denial of service. The vulnerability exists in the tidbResultSet function in drivertidb.go because it fails to perform garbage collection until the next execution, which allows an attacker to cause an application crash...
PHP 7.3 disable_functions Bypass
= 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$i = 0; $i = 8; function leak$addr, $p = 0, $s = 8 global $abc, $helper; write$abc, 0x68, $addr + $p - 0x10; $leak = strlen$helper-a; if$s != 8 $leak %= 2 $s 8 - 1; return $leak; function parseelf$base $etype =...
Atlassian Jira Cross-Site Request Forgery Vulnerability (CNVD-2019-30070)
Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. A cross-site request forgery vulnerability exists in the doGarbageCollection method of the ViewSystemInfo class in Jira. A remote attacker could exploit this vulnerability to trigg...
CVE-2019-11588
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a cross-site request forgery (CSRF) vulnerability...
Cross-site request forgery (CSRF)
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a cross-site request forgery (CSRF) vulnerability...