OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)

Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

PT-2020-2007 · Qemu +9 · Qemu +9

Name of the Vulnerable Software and Affected Versions: QEMU versions 4.2.0 libslirp version 4.1.0 Description: The issue is related to a memory management error in the tcp emu function of the QEMU software, which can be exploited by a remote attacker to access confidential data, compromise data...

php:php-fuzz-exif: Use-of-uninitialized-value in exif_process_TIFF_in_JPEG

Detailed Report: https://oss-fuzz.com/testcase?key=5631203063627776 Project: php Fuzzing Engine: libFuzzer Fuzz Target: php-fuzz-exif Job Type: libfuzzermsanphp Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: exifprocessTIFFinJPEG exifscanJPEGheader...

Google Chrome Blink Resource Management Error Vulnerability (CNVD-2019-44527)

Google Chrome is a Web browser from Google, a U.S. company. Blink is a browser layout engine rendering engine jointly developed by Google and Norway's OperaSoftware. A resource management error vulnerability exists in the 'WebCore::CSSSelector' function of Blink in Google Chrome prior to version...

Zomato: Zomato Map server going out of memory while resizing map image

Go to https://maps.zomato.com/php/staticmap?center=0,0&size=240x150&maptype=zomato&markers=180,180,pinres32&sensor=false&scale=%&zoom=eval2147483647+1&language=en a map will be displayed Now increase the map size by 10x...

EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-2275)

According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -...

imagemagick:encoder_heic_fuzzer: Use-of-uninitialized-value in decode_CABAC_FL_bypass

Detailed Report: https://oss-fuzz.com/testcase?key=5655430986727424 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: encoderheicfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: decodeCABACFLbypass...

DEBIAN-CVE-2019-17069

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1MSGDISCONNECT message...

CVE-2019-16144

An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield during API calls...

MGASA-2019-0217 Updated kernel packages fix security vulnerability

This kernel update is based on the upstream 5.1.20 and fixes at least the following security issue: With Xen, virtual device backends and device models running in domain 0, or other backend driver domains, need to be able to map guest memory either via grant mappings, or via the foreign mapping...

CVE-2019-13960

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the...

CVE-2019-2263

Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064...

Design/Logic Flaw

Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064...

DEBIAN-CVE-2019-5786

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...

SUSE-SU-2019:1712-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage bsc1138464. - Fixed a file content disclosure via SVG and WMF decoding bsc1138425.- CVE-2019-11472: Fixed a denial of service in ReadXWDImage...

SUSE-SU-2019:1203-1 Security update for samba

This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share bsc1131060. Non-security issues fixed: - Fixed an issue where the first login failed and...

CVE-2019-11640

An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function recfexparsestrsimple at rec-fex.c in librec.a...

DEBIAN-CVE-2018-4361

A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

DEBIAN-CVE-2018-4306

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

DEBIAN-CVE-2019-5762

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file...