796 matches found
CVE-2020-25637
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...
Double free
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...
CVE-2020-25637
CVE-2020-25637 affects libvirt API used to fetch network interfaces for running QEMU domains. A double-free in the polkit-enabled read-write socket handling can crash the libvirt daemon, causing denial of service and potential privilege escalation. The vulnerability affects versions before 6.8.0;...
PT-2022-8872 · Upx +2
Name of the Vulnerable Software and Affected Versions: UPX version 4.0.0 Description: A memory-related issue was found in the adjABS function within the p_lx_elf.cpp file of UPX, which can be triggered by a specially crafted Mach-O file. Recommendations: For UPX version 4.0.0, at the moment, ther...
webkitgtk: Memory consumption issue leading to arbitrary code execution
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code...
Design/Logic Flaw
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache...
USN-4456-1 dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled deeply nested MIME parts. A remote attacker could possibly use this issue to cause Dovecot to consume resources, resulting in a denial of service. CVE-2020-12100 It was discovered that Dovecot incorrectly handled memory when using NTLM. A remote...
The vulnerability of the Linux operating system’s kernel, related to the use of memory after it is freed, allows a hacker to cause a service failure.
The vulnerability in the drivers/net/slip/slip.c and drivers/net/can/slcan.c files of the Linux operating system relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...
USN-4450-1 whoopsie vulnerabilities
Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. CVE-2020-11937 Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use...
OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239)
Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...
Code injection
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the server's memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...
CVE-2020-9859
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges...
SUSE-SU-2020:1546-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data (bsc#1168326). - CVE-2020-7066: Fixed URL truncation in get_headers if the URL contains a zero (\0) character (bsc#1168352). - CVE-2019-11048: Improved the handling of overly long...
Huawei Data Communication: Memory Leak Vulnerability in Several Huawei Products (huawei-sa-20171213-04-xml)
There is a memory leak vulnerability in several Huawei products.
Fedora 31 : perl-Email-MIME / perl-Email-MIME-ContentType (2020-39d40d9ae9)
This update limits the number of nested MIME parts to 10 by default, to avoid a possible memory exhaustion issue with lots of tiny MIME parts.
pcapplusplus:FuzzTarget: Use-of-uninitialized-value in pcpp::GtpV1Layer::getHeaderLen
Project: https://github.com/seladb/PcapPlusPlus.git Detailed Report: https://oss-fuzz.com/testcase?key=5204104585674752 Project: pcapplusplus Fuzzing Engine: libFuzzer Fuzz Target: FuzzTarget Job Type: libfuzzer_msan_pcapplusplus Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...
CVE-2020-11039
Summary (CVE-2020-11039) In FreeRDP, versions up to and including 2.0.0 with USB redirection enabled can suffer an integer-overflow in length checks that allows (nearly) arbitrary memory read/write when interacting with a manipulated server. This was fixed in version 2.1.0. Public advisories and ...