Code injection

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3,...

kernel: sg_write function lacks an sg_remove_request call in a certain failure case

A vulnerability was found in sgwrite in drivers/scsi/sg.c in the SCSI generic sg driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid Sgfd sfp pointer at the time of...

CVE-2020-8715

Invalid pointer for some IntelR Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access...

CVE-2020-8715

Invalid pointer for some IntelR Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access...

CVE-2020-13432

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

CVE-2020-13432

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

Design/Logic Flaw

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

CVE-2020-13432

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

CVE-2020-13432

The CVE-2020-13432 entry concerns rejetto HFS (HTTP File Server) v2.3m Build 300. The connected docs confirm a remote buffer overflow that, under concurrent HTTP requests with long URIs or long headers, can trigger an invalid-pointer write access violation in hfs.exe, effectively enabling remote ...

HFS Http File Server 2.3m Build 300 Buffer Overflow

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HFS-HTTP-FILE-SERVER-v2.3-REMOTE-BUFFER-OVERFLOW-DoS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.rejetto.com Product HFS Http File Server v2.3m Build 300...

CVE-2020-9098

Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot...

Design/Logic Flaw

Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot...

CVE-2020-9098

The CVE-2020-9098 issue affects Huawei OceanStor 5310 with V500R007C60SPC100, where an invalid pointer access occurs due to insufficient validation of certain parameters. The vulnerability can be triggered by malformed network packets and, if exploited, may cause the device to reboot. Huawei’s se...

CVE-2020-9098

Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot...

Security Advisory - Invalid Pointer Access Vulnerability in Huawei OceanStor Product

There is an invalid pointer access vulnerability in Huawei OceanStor 5310 product. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot. Vulnerability ID: HWPSIRT-2020-02002...

Denial Of Service (DoS)

boost is vulnerable to denial of service. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause...

Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2019-19925, CVE-2019-19645, CVE-2019-19924, CVE-2019-19923, CVE-2019-19880, CVE-2019-19646, CVE-2019-19926)

Summary SQLite is vulnerable to a denial of service. Vulnerability Details CVEID: CVE-2019-19925 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by the mishandling of a NULL pathname in the zipfileUpdate function in ext/misc/zipfile.c. By sending a specially-crafted request, a...

Release of Invalid Pointer or Reference

An issue was discovered in USC iLab cereal. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if a std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same address...

GPAC Invalid Pointer Dereference Vulnerability (CNVD-2020-19877)

GPAC is a multimedia framework for rich media and distributed under the LGPL license. An invalid pointer dereference vulnerability exists in gflistcount in utils/list.c in libgpac.a in versions of GPAC prior to 0.8.0. An attacker can exploit this vulnerability to cause a denial of service via a...

CVE-2019-20632

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gfodfdeletedescriptor in odf/descprivate.c that can cause a denial of service via a crafted MP4 file...