CVE-2020-11254

CVE-2020-11254 describes memory corruption during buffer allocation caused by dereferencing an unvalidated session ctx pointer in Qualcomm Snapdragon components (Auto/Compute/Connectivity/Mobile). The issue affects multiple Snapdragon subsystems and has an availability impact per CVSS. Public ref...

CVE-2020-11254

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...

Qualcomm 组件代码问题漏洞

The Qualcomm Component is a component of Qualcomm Incorporated USA. The intrinsic parts that provide the functionality of Qualcomm devices. A code issue vulnerability exists in the Qualcomm Component that arises from a memory corruption during buffer allocation due to dereferencing the session ct...

CVE-2021-31426

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2021-27259

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Integer overflow

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2021-27243

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Parallels Desktop Toolgate Integer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate...

Denial Of Service (DoS)

jackson-dataformat-cbor is vulnerable to denial of service DoS. The vulnerability exists through the eager allocation of byte buffer that causes an out of memory error when a large len value is processed in finishBytes...

DEBIAN-CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

libuv: buffer overflow in realpath

A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Denial of service

Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and start...

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...

libbabl 0.1.62 - Broken Double Free Detection (PoC)

Exploit Title: libbabl 0.1.62 - Broken Double Free Detection PoC Date: December 14, 2020 Exploit Author: Carter Yagemann Vendor Homepage: https://www.gegl.org Software Link: https://www.gegl.org/babl/ Version: libbabl 0.1.62 and newer Tested on: Debian Buster Linux 4.19.0-9-amd64 Compile: gcc...

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...

PT-2021-18764 · Upx +2 · Upx +2

Name of the Vulnerable Software and Affected Versions: UPX version 4.0.0 Description: An assertion abort was found in the MemBuffer::alloc function in mem.cpp, allowing attackers to cause a denial of service abort via a crafted file. Recommendations: For UPX version 4.0.0, consider avoiding the u...

Microsoft Visual Studio DDS File Parsing Integer Overflow Remote Code Execution Multiple Vulnerabilities

These vulnerabilities allow remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit these vulnerabilities in that the target must visit a malicious page or open a malicious file. The specific flaws exist within the...

Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.1.0 Security Update

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVE-2020-17396

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Integer overflow

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...