sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

[SECURITY] Fedora 30 Update: stdx-allocator-2.77.2-7.fc30

High-level interface for allocators for D, extracted from Phobos...

openSUSE Security Update : ceph (openSUSE-2019-306)

This update for ceph fixes the following issues : Security issues fixed : - CVE-2018-14662: mon: limit caps allowed to access the config store bsc1111177 - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts bsc1114710 - CVE-2018-16889: rgw: sanitize customer encryption keys fro...

UBUNTU-CVE-2019-1999

In binderallocfreepage of binderalloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

SUSE-SU-2019:0499-1 Security update for ceph

This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store bsc1111177 - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts bsc1114710 - CVE-2018-16889: rgw: sanitize customer encryption keys from...

DEBIAN-CVE-2018-19876

cairo 1.16.0, in cairoftapplyvariations in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free: invalid pointer" error...

Elastic Cloud Enterprise (ECE) Incorrect Authentication Vulnerability

Elastic Cloud Enterprise ECE is a suite of software packages for managing, monitoring, and configuring Elasticsearch, Kibana, and X-Pack from Elasticsearch Netherlands. Elastic Cloud Enterprise ECE suffers from an incorrect authentication vulnerability that can be exploited by an attacker to add ...

CVE-2018-3829

In Elastic Cloud Enterprise ECE versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to...

CVE-2018-3828

Elastic Cloud Enterprise ECE versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to t...

CVE-2018-3828

Elastic Cloud Enterprise ECE versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to t...

CVE-2018-3828

Elastic Cloud Enterprise ECE versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to t...

PT-2018-16223 · Elastic · Cloud Enterprise

Name of the Vulnerable Software and Affected Versions: Elastic Cloud Enterprise ECE versions prior to 1.1.4 Description: A security issue was found in Elastic Cloud Enterprise where a user could scale out allocators on new hosts using an invalid roles token. An attacker with access to the previou...

CVE-2018-16770

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because a certain newallocator allocate call fails...

Code injection

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because a certain newallocator allocate call fails...

WAVM Denial of Service Vulnerability (CNVD-2019-09772)

WAVM is the WebAssembly Virtual Machine. A denial-of-service vulnerability exists in WAVM 2018-07-26 and earlier versions, which stems from a failure of a certain newallocator allocation call and can be exploited by an attacker to cause a denial of service application crash by sending a specially...

procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues

A flaw was found where procps-ng provides wrappers for standard C allocators that took unsigned int instead of sizet parameters. On platforms where these differ such as x8664, this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowe...

libsixel memory leak vulnerability (CNVD-2018-17508)

libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. A memory disclosure vulnerability exists in the 'sixelallocatornew' function of the allocator.c file in libsixel version 1.8.1. A remote attacker can exploit this vulnerabili...

CVE-2018-14073

libsixel 1.8.1 has a memory leak in sixelallocatornew in allocator.c...

CVE-2018-14073

libsixel 1.8.1 has a memory leak in sixelallocatornew in allocator.c...

Unspecified vulnerability in Linux kernel (CNVD-2018-16689)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions 4.17.2 and earlier, which stems from the page allocator not providing CPU resources to the oomlock mutex lock...