CVE-2018-20102

An out-of-bounds read in dnsvalidatednsresponse in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing...

Apple macOS sysctl_procargsx Uninitialized Buffer Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...

Apple Safari Array Concat Uninitialized Buffer Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Uninitialized Buffer Allocation

njwt is vulnerable to uninitialized buffer allocation attacks. The library contains an uninitialized memory allocation when handling a large number, which can allow a malicious user to gain access to sensitive information or crash the application...

Denial Of Service (DoS) Via Out-of-Bounds Read

atob is vulnerable to Denial of Service DoS via out-of-bounds read. The application contains a uninitialized buffer in the return statement, allowing a malicious user access to sensitive information stored in the uninitialized memory. A malicious user can also pass a large number to the applicati...

Out-of-bounds

In SvoxSsmlParser and startElement of svoxssmlparser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2017-13285

In SvoxSsmlParser and startElement of svoxssmlparser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2017-13285

In SvoxSsmlParser and startElement of svoxssmlparser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation...

Node.js third-party modules: `utile` allocates uninitialized Buffers when number is passed in input

I would like to report an uninitialized Buffer allocation issue in utile. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: utile version: 0.3.0 npm page:...

Node.js third-party modules: `base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below

I would like to report an uninitialized Buffer allocation issue in base64url. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON, on Node.js 4.x and lower. Module module name:...

Node.js third-party modules: `concat-with-sourcemaps` allocates uninitialized Buffers when number is passed as a separator

I would like to report an uninitialized Buffer allocation issue in concat-with-sourcemaps. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in unlikely setups where separator is attacker-controlled. Module module name:...

FreeBSD : node.js -- Data Confidentiality/Integrity Vulnerability, December 2017 (bea84a7a-e0c9-11e7-b4f3-11baa0c2df21)

"Node.js reports : Data Confidentiality/Integrity Vulnerability - CVE-2017-15896 Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using t...

Joyent Node.js Information Disclosure Vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...

Data Confidentiality/Integrity Vulnerability, December 2017

Data Confidentiality/Integrity Vulnerability, December 2017 Update 7-December-2017 Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement. In addition the updates for 8....

CVE-2017-11051

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function wlanhddcfg80211testmode since buffer hbparams is not initialized to zero...

Wee Enhanced Environment for Chat logger plugin denial of service vulnerability

WeeChat Wee Enhanced Environment for Chat is an efficient lightweight IRC chat client. logger plugin is one of the logger plugins. A security vulnerability exists in the logger.c file of the logger plugin in versions of WeeChat prior to 1.9.1, which stems from the program failing to initialize a...

UBUNTU-CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...

ALPINE-CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...

DEBIAN-CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...

CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized...