SUSE CVE-2019-20005

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmldecode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr starting with a pointer after a '\0' character where the processing of a string was...

SUSE CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack against all clients using the proxy via HTTP Range request processing...

SUSE CVE-2022-3373

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

PYSEC-2023-290

An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp...

PT-2023-34259 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue is related to a use-after-free in btf dump name dups. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a confusion in the instruction responsible for freeing memory in Import. An attacker could exploit the vulnerability to...

iana-time-zone vulnerable to use after free in MacOS / iOS implementation

In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced. The copied system time zone was released before its name was copied. If the system time zone was changed between the call of CFRelease and str::toowned, random memory would be copied...

PT-2022-3260 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 0.7.0 and later Argo CD versions prior to 2.1.16 Argo CD versions prior to 2.2.10 Argo CD versions prior to 2.3.5 Argo CD versions prior to 2.4.1 Description: The issue is related to an uncontrolled memory consumption bug in...

Intel Memory Bug Poses Risk for Hundreds of Products

Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products. According to an advisory issued by the company on Tuesday, the bug is firmware-based and rated as “high” risk with a Common Vulnerability Scoring System CVSS score of 7. The vulnerability...

USN-5357-1 linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-hwe, linux-kvm, linux-snapdragon vulnerability

It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

PT-2022-4803 · Uriparser +4 · Uriparser +4

Name of the Vulnerable Software and Affected Versions: uriparser versions prior to 0.9.6 Description: The issue is related to the use of memory after it has been freed, which can be exploited by a remote attacker to cause a denial of service. It performs invalid free operations in uriFreeUriMembe...

DEBIAN-CVE-2021-0929

In iondmabufendcpuaccess and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

UBUNTU-CVE-2021-43534

Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

Adobe Premiere Pro 缓冲区错误漏洞

Adobe Premiere Pro is a timeline-based video editing software from Adobe. Adobe Premiere Pro 15.4.1 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

CVE-2021-1875

A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption...

UBUNTU-CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack against all clients using the proxy via HTTP Range request processing...

ALPINE-CVE-2020-36226

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-bvlen miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service...

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardwar...

UBUNTU-CVE-2020-35113

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 84, Thunderbi...

USN-4642-1 pdfresurrect vulnerability

It was discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service system crash or arbitrary code execution...