37 matches found
Design/Logic Flaw
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
High severity vulnerability that affects qs
Withdrawn, accidental duplicate publish. The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...
Array data injection vulnerability in activerecord
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ backslash character...
[SECURITY] Fedora 25 Update: gtatool-2.2.0-6.fc25
Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of ar rays. For example, you can add components to array elements, merge separate arrays into combined...
PHP 7.0.x < 7.0.19 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.19. It is, therefore, affected by the following vulnerabilities : - A memory allocation issue exists in the zendstringextend function in file Zend/zendstring.h when concatenating strings due to a...
Design/Logic Flaw
The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...
UBUNTU-CVE-2017-9119
The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...
CVE-2017-9119
The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...
CVE-2017-9119
The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...
CVE-2017-9119
The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...
CVE-2017-9119
Removed by vendor...
CVE-2017-9119
The izvalptrdtor function in Zend/zendvariables.h in PHP 7.1.5 allows attackers to cause a denial of service memory consumption and application crash or possibly have unspecified other impact by triggering crafted operations on array data structures...
Out-of-bounds
The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...
CVE-2016-7914
The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...
CVE-2016-7914
The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...
CVE-2014-7191
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...
Web Worker Array Handling Heap Corruption Vulnerability — Mozilla
Security researcher Orlando Barrera II of SecTheory reported, via TippingPoint's Zero Day Initiative, that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory...