5093 matches found
Mozilla: Use-after-free while running the nsDocShell destructor
A flaw was found in Mozilla Firefox. A race condition can occur while running the nsDocShell destructor causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-8112
A heap-based buffer overflow flaw was found in the opjt1clbldecodeprocessor in openjpeg2. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-11113
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...
CVE-2020-11111
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...
CVE-2020-6820
A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream causing a use-after-free memory issue. The highest threat from this vulnerability are to data confidentiality and integrity as well as system availability...
CVE-2020-6819
A flaw was found in Mozilla Firefox. A race condition can occur while running the nsDocShell destructor causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2019-15118
A flaw was found in the sound mixer handling of the Linux kernel. An attacker with physical access able to insert a specially crafted USB device can cause a recursive loop which continues to consume the reserved stack space leading to a system panic. The highest threat from this vulnerability is ...
CVE-2019-1003024
A flaw was found in the Jenkins script security sandbox. The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab could be circumvented through use of various Groovy language features including the use of...
nimbus-jose-jwt: Uncaught exceptions while parsing a JWT
A flaw was found in Connect2id Nimbus JOSE+JWT prior to version 7.9. While processing JSON web tokens JWT, nimbus-jose-jwt can throw various uncaught exceptions resulting in an application crash, information disclosure, or authentication bypass. The highest threat from this vulnerability is to da...
CVE-2018-20834
A flaw was found in nodejs-tar in versions prior to 4.4.2. An arbitrary file overwrite can occur when extracting tarballs containing a hard-link to a file that already exists in the system. Further, a file that matches the hard-link may overwrite the system's files with the contents of the...
kernel: buffer-overflow hardening in WiFi beacon validation code.
A flaw in the Linux kernel's WiFi beacon validation code was discovered. The code does not check the length of the variable length elements in the beacon head potentially leading to a buffer overflow. System availability, as well as data confidentiality and integrity, can be impacted by this...
CVE-2019-9454
An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation...
CVE-2019-10746
A flaw was found in Nodejs's mixin-deep prior to versions 1.3.2 and 2.0.0. The mixin-deep function could be used to add or modify properties of the Object.prototype. The highest threat from this vulnerability is to system availability...
CVE-2019-19082
A memory leak flaw was found in the Linux kernel. A system crash occurs under very specific, hard to obtain conditions, when the AMD GPU Display Engine configuration initialization handles resource cleaning when a failure occurs. The highest threat from this vulnerability is system availability...
freeCMS v1.5 Arbitrary File Deletion Vulnerability
FreeCMS is a free CMS system. An arbitrary file deletion vulnerability exists in FreeCMS v1.5, which can be exploited by an attacker to cause an impact on the availability of the system...
Huawei Desktop Cloud Windows Virtual Desktop Proxy Service hdpCommunication application suffers from a malicious lock screen vulnerability
Founded in 1987, Huawei Technologies Co. Ltd. is a global provider of ICT information and communications infrastructure and smart terminals. A malicious lock screen vulnerability exists in the Huawei Desktop Cloud Windows Virtual Desktop Agent Service hdpCommunication application, which can be...
HTTP/2: flood using PRIORITY frames results in excessive resource consumption
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...
CVE-2020-10931
A buffer overflow flaw was found in memcached 1.6.0, due to not having a mechanism to verify the length of “extlen” when calling the memcpy function if a large value is assigned to the “extlen” variable. This flaw causes a denial of service and presents a significant risk to system availability...
CVE-2020-6582
A flaw was found in nrpe. A heap-based buffer overflow is possible due to the interpretation of a small negative number as a large positive number during a bzero call. The highest threat from this vulnerability is to system availability. Mitigation There is no known mitigation for this issue, the...
CVE-2020-6581
A flaw was found in nrpe. A command injection is possible due to insufficient filtering. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Disable nastymetachars and dontblamenrpe option inside the NRPE configuration fil...