CVE-2021-1057

CVE-2021-1057 affects NVIDIA’s vGPU software. The vulnerability exists in the vGPU manager’s vGPU plugin, where a guest can allocate resources it is not authorized to access, potentially leading to integrity and confidentiality loss, denial of service, or information disclosure. Affected are vGPU...

SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2020:2776-1)

go1.15 released 2020-08-11 Go 1.15 is a major release of Go. go1.15.x minor releases will be provided through August 2021. https://github.com/golang/go/wiki/Go-Release-Cycle Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1...

Apache 2 HTTP2 Module Concurrent Pool Usage Vulnerability

apache2: concurrent pool usage in http2 module h2mplx.c contains a number of calls to aplogcerror using m-c the master connection as an argument. These calls can trigger allocations using the m-c-pool. One example is coregeneratelogid. As some of the code in h2mplx.c is executed on a worker threa...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

CVE-2018-21270

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x...

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

...

AZL-6459 CVE-2020-14311 affecting package grub2 for versions less than 2.06~rc1-7

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...

xorg-server -- Pixel Data Uninitialized Memory Information Disclosure

The X.org project reports: Allocation for pixmap data in AllocatePixmap does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20200317)

Security Fixes : - kernel: Count overflow in FUSE request leading to use-after-free issues. CVE-2019-11487 - kernel: rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow CVE-2019-17666 - Kernel: KVM: export...

CVE-2019-15034

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space...

CVE-2019-15034

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space...

CVE-2019-14046

Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Musi...

Memory corruption

In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...

CVE-2019-9290

CVE-2019-9290 affects the tzdata component in Android 10, where a mismatch between allocation and deallocation can cause memory corruption. This could enable local privilege escalation without user interaction. The Android 10 security release notes indicate this issue is addressed by patches in t...

CVE-2019-15543

An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases...

Integer overflow

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

Uninitialized Buffer Allocation

websocker-driver is vulnerable to uninitialized buffer allocation attacks. The library contains an uninitialized memory allocation when handling a large number, which can allow a malicious user to gain access to sensitive information or crash the application...

Chrome NewFixedDoubleArray Integer Overflow

Chrome: Integer overflow in NewFixedDoubleArray VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/heap/factory.cc?rcl=dd689541d3815d64b4b39f6a41603248c71aa00e&l=496 Handle Factory::NewFixedDoubleArrayint length, PretenureFlag pretenure DCHECKLE0, length; if length == 0 return...

libssh2 -- multiple issues

libssh2 developers report: Defend against possible integer overflows in compmethodzlibdecomp. Defend against writing beyond the end of the payload in libssh2transportread. Sanitize paddinglength - libssh2transportread. This prevents an underflow resulting in a potential out-of-bounds read if a...