849 matches found
CVE-2022-30788
A crafted NTFS image can cause a heap-based buffer overflow in ntfsmftrecalloc in NTFS-3G through 2021.8.22...
PT-2022-5910 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.16-rc6 Description: An issue in the Linux kernel is related to the function rtw init xmit priv in the drivers/staging/r8188eu/core/rtw xmit.c module, which lacks a check of the return value of rtw alloc hwxmits...
CVE-2021-27439
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tosmmheapalloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code...
GSD-2022-1001466 media: staging: media: zoran: move videodev alloc
media: staging: media: zoran: move videodev alloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1000663 IB/hfi1: Fix alloc failure with larger txqueuelen
IB/hfi1: Fix alloc failure with larger txqueuelen This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.8 by commit...
UBUNTU-CVE-2022-24683
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or job-submit capabilities to read arbitrary files on the host filesystem as root...
PT-2022-2376 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: nginx njs version 0.7.2 Description: The issue is related to a Use-after-free in the njs function frame alloc function when it tries to invoke from a restored frame saved with njs function frame save. This can allow a remote attacker to impac...
DEBIAN-CVE-2021-46239
The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gffree at utils/alloc.c. This vulnerability can lead to a Denial of Service DoS...
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
...
GPAC 资源管理错误漏洞
GPAC is an open source multimedia framework. GPAC in version v1.1.0 there is a denial of service vulnerability , the vulnerability stems from the function gffree in utils/alloc.c through the existence of an invalid release , an attacker can exploit the vulnerability to perform a denial of service...
kconfig-hardened-check-master
This is a tool for checking Linux kernel Kconfig option lists against security hardening preferences. The tool is called "kconfig-hardened-check" and is written in Python. It is designed to help users ensure that their Linux systems are properly secured by checking the kernel configuration agains...
PT-2025-37569
Name of the Vulnerable Software and Affected Versions: linux affected versions not specified Description: The Linux kernel contains a flaw in the mmc subsystem, specifically within the rtsx pci driver. A failure to properly check the return value of the mmc add host function can lead to a memory...
BlueZ Resource Management Error Vulnerability (CNVD-2021-92546)
BlueZ is a Bluetooth protocol stack written in C that is primarily used to provide support for the core Bluetooth layer and protocol. blueZ is vulnerable to a resource management error that stems from a vulnerability in the affected version of sdp's cstate alloc buf, which allocates memory that...
kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability...
CVE-2021-37646 Bad alloc in `StringNGrams` caused by integer conversion in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The...
UVI-2021-1000300 KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT with 64-bit
KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT with 64-bit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
CVE-2021-30501
CVE-2021-30501 concerns UPX 4.0.0, where an assertion abort in MemBuffer::alloc() (mem.cpp) can be triggered by a crafted file, potentially causing a denial of service. Connected sources confirm the affected component and root cause. OpenSUSE/SUSE advisories (openSUSE-SU-2023:0088-1) and OSV entr...
CVE-2021-30501
An assertion abort was found in upx MemBuffer::alloc in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service abort via a crafted file...
GHSA-3WCQ-X3MQ-6R9P Potential memory exposure in dns-packet
This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names...
Remote Memory Exposure
Overview dns-packet is an An abstract-encoding compliant module for encoding / decoding DNS packets Affected versions of this package are vulnerable to Remote Memory Exposure. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose interna...