796 matches found

RedHat Linux
added 2021/11/09 8:13 p.m. | views: 1

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 | AI score 7.4 | EPSS 0.00176
Exploits: 0 | References: 4

BDU FSTEC
added 2021/11/02 12:0 a.m. | views: 5

The vulnerability of the Google Chrome web browser’s Extensions relates to the use of memory after it is released. This allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of Google Chrome’s browser Extensions relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service interruptions through a specially created HTML page...

CVSS 8.8 | AI score 7.6 | EPSS 0.00322
Exploits: 0 | References: 11 | Affected Software: 5

RedHat Linux
added 2021/10/25 11:55 a.m. | views: 2

OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 | AI score 6.9 | EPSS 0.00117
Exploits: 0 | References: 4

RedHat Linux
added 2021/10/20 1:21 p.m. | views: 3

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 | AI score 7.4 | EPSS 0.00176
Exploits: 0 | References: 4

ATTACKERKB
added 2021/10/19 2:15 p.m. | views: 1

CVE-2021-30837

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges...

CVSS 9.3 | AI score 5.9 | EPSS 0.00383
Exploits: 0 | References: 7

Veracode
added 2021/10/14 2:59 p.m. | views: 25

Remote Code Execution (RCE)

firefox-esr is vulnerable to remote code execution. The vulnerability exists due to memory which may lead to an attacker executing arbitrary code...

CVSS 8.8 | AI score 4.1 | EPSS 0.00537
Exploits: 0 | References: 6 | Affected Software: 4

OSV
added 2021/09/30 11:3 a.m. | views: 1

OESA-2021-1357 cups security update

CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers. Security Fixes: An input validation issue was addressed with improved memory handling...

CVSS 5.5 | AI score 5.6 | EPSS 0.00086
Exploits: 0 | References: 2

OSV
added 2021/09/08 2:15 p.m. | views: 3

CVE-2021-30742

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution...

CVSS 7.8 | AI score 6 | EPSS 0.00367
Exploits: 0 | References: 1

Prion
added 2021/09/08 2:15 p.m. | views: 19

Code injection

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution...

CVSS 6.8 | AI score 7.4 | EPSS 0.00367
Exploits: 0 | References: 1 | Affected Software: 2

RedhatCVE
added 2021/08/26 1:32 p.m. | views: 38

CVE-2021-3634

A flaw has been found in libssh. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

CVSS 6.5 | AI score 1.7 | EPSS 0.00108
Exploits: 0 | References: 3

OSV
added 2021/08/25 8:54 p.m. | views: 10

GHSA-HPCX-3PW8-G3J2 Free of uninitialized memory in telemetry

An issue was discovered in the telemetry crate through 0.1.2 for Rust. There is a drop of uninitialized memory if a value.clone call panics within misc::vecwithsize...

CVSS 9.8 | AI score 9.4 | EPSS 0.00406
Exploits: 1 | References: 5

OSV
added 2021/08/20 8:14 a.m. | views: 6

OPENSUSE-SU-2021:2791-1 Security update for fetchmail

This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. bsc1188875 - Change PASSWORDLEN from 64 to 256 bsc1188034...

CVSS 7.5 | AI score 7.3 | EPSS 0.0026
Exploits: 0 | References: 4

RedHat Linux
added 2021/08/16 10:29 a.m. | views: 2

Mozilla: Uninitialized memory in a canvas object could have led to memory corruption

Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

CVSS 8.8 | AI score 7.4 | EPSS 0.0062
Exploits: 1 | References: 4

Prion
added 2021/08/08 6:15 a.m. | views: 10

Design/Logic Flaw

An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone has a drop of uninitialized memory...

CVSS 7.5 | AI score 9.4 | EPSS 0.00607
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/08/08 5:15 a.m. | views: 99

CVE-2020-36452

The CVE-2020-36452 issue affects the Rust crate array-tools prior to 0.3.2. The vulnerability is in FixedCapacityDequeLike::clone(), which can drop uninitialized memory, causing memory corruption. CVSS info from NVD shows high to critical impact (base scores 7.5–9.8) with network attack vector an...

CVSS 9.8 | AI score 9.3 | EPSS 0.00607
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2021/07/22 12:0 a.m. | views: 2

PT-2021-18840 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.5 iPadOS versions prior to 14.5 Description: A memory consumption issue was addressed with improved memory handling. Processing a maliciously crafted audio file may lead to arbitrary code execution. Recommendations: F...

CVSS 7.8 | AI score 7.6 | EPSS 0.00367
Exploits: 0 | References: 3

OSV
added 2021/06/22 11:58 a.m. | views: 7

SUSE-SU-2021:14757-1 Security update for OpenEXR

This update for OpenEXR fixes the following issues: - Fixed CVE-2021-3479 bsc1184354: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 bsc1187395: Heap buffer overflow in the rleUncompress function...

CVSS 5.5 | AI score 6.1 | EPSS 0.0053
Exploits: 0 | References: 5

OpenVAS
added 2021/06/09 12:0 a.m. | views: 18

SUSE: Security Advisory (SUSE-SU-2018:2630-1)

The remote host is missing an update for the...

CVSS 6.5 | AI score 8.1 | EPSS 0.00591
Exploits: 1 | References: 2

OSV
added 2021/05/11 10:31 p.m. | views: 2

USN-4948-1 linux-oem-5.10 vulnerabilities

Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-3489...

CVSS 8.8 | AI score 7.4 | EPSS 0.0346
Exploits: 11 | References: 22

OSV
added 2021/05/06 11:2 a.m. | views: 2

OESA-2021-1167 OpenEXR security update

OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow ...

CVSS 5.5 | AI score 7 | EPSS 0.01153
Exploits: 0 | References: 7