PT-2021-5273 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.48. Description: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash, resulting in a denial of service (DoS). The issue is related to the mod...
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2021-1666)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
UBUNTU-CVE-2021-21180
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2021-1526)
The remote host is missing an update for the Huawei EulerOS...
BIG-IP APM resource management error vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A resource management error vulnerability exists in the BIG-IP APM, which arises from mismanagement of system resources e.g.,...
[ASA-202101-42] libvirt: arbitrary code execution
Arch Linux Security Advisory ASA-202101-42. Severity: Critical; Date: 2021-01-29; CVE-ID: CVE-2020-25637; Package: libvirt; Type: arbitrary code execution; Remote: No; Link: https://security.archlinux.org/AVG-1240. Summary: The package libvirt befor...
OPENSUSE-SU-2021:0082-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap (High), a bug in the TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...
Security update for libzypp, zypper (moderate)
openSUSE Security Update: Security update for libzypp, zypper. Announcement ID: openSUSE-SU-2021:0059-1; Rating: moderate; References: 1050625 1174016 1177238 1177275 1177427 1177583 1178910 1178966 1179083 1179222 1179415 1179909; Cross-References: CVE-2017-9271; Affected Products: openSUSE Leap 15.2...
A use-after-free vulnerability in the Firefox and Firefox ESR browsers and the Thunderbird email client allows an attacker to cause a denial of service.
Vulnerabilities in Firefox, Firefox ESR, and the Thunderbird email client are related to the use of memory after it has been freed. Exploiting these vulnerabilities can allow a remote attacker to cause a denial of service...
A use-after-free vulnerability in Firefox, Firefox ESR, and the Thunderbird email client, related to the manipulation of DOM elements, allows an attacker to cause a denial of service.
A vulnerability in Firefox, Firefox ESR, and the Thunderbird email client is related to the use of memory after it has been freed during manipulation of DOM elements. Exploiting this vulnerability can allow a remote attacker to cause a denial of service...
CVE-2020-35888
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template...
Xen Security Vulnerabilities
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen 4....
Medium: libvirt
Issue Overview: A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL...
PT-2020-5237 · Microsoft · Office Excel
Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified). Description: The issue is related to a buffer overflow in memory, which can be exploited to gain access to protected information, execute arbitrary code, or cause a denial of service...
CVE-2020-29368
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1...
webkitgtk: Memory consumption issue leading to arbitrary code execution
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code...
CVE-2019-8767
A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption...
CVE-2018-4448
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update...
DEBIAN-CVE-2020-9951
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution...
PT-2020-4371 · Microsoft · Text Services Framework +1
Name of the Vulnerable Software and Affected Versions: Text Services Framework (affected versions not specified). Description: An information disclosure issue exists due to improper handling of objects in memory. This could allow an attacker to read data not intended for disclosure. To exploit this,...