Lucene search

54 matches found

NVD
added 2020/09/17 1:15 p.m. | 10 views

CVE-2020-6113

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for...

CVSS 8.8 | EPSS 0.00495
Exploits: 1 | References: 1

Hacker One
added 2020/08/19 11:27 p.m. | 25 views

Solana BBP: Buffer can be readable through Debug on metrics.solana.com

Summary: Buffer memory can be readable due to debug mode enabled in one of the sub-domains. Steps To Reproduce: 1. Open https://metrics.solana.com:8086/debug/pprof/goroutine?debug=1 2. Here you can also brute force the endpoint. Supporting Material/References: F955888 Impact: Buffer over-reads can...

AI score 0.3
Exploits: 0

CNVD
added 2019/08/27 12:00 a.m. | 15 views

rust-protobuf out-of-memory vulnerability

rust-protobuf is a Rust implementation of the Google protocol buffer. An out-of-memory vulnerability exists in rust-protobuf versions prior to 2.6.0. An attacker can exploit this vulnerability to exhaust all memory via the Vec::reserve call...

CVSS 7.5 | AI score 7.2 | EPSS 0.02695
Exploits: 0 | References: 1

FreeBSD Advisory
added 2019/08/20 12:00 a.m. | 10 views

FreeBSD-SA-19:23.midi

FreeBSD-SA-19:23.midi Security Advisory, The FreeBSD Project. Topic: kernel memory disclosure from /dev/midistat. Category: core. Module: sound. Announced: 2019-08-20. Credits:...

CVSS 7.8 | AI score 7.2 | EPSS 0.003
Exploits: 0

NVD
added 2019/02/27 11:29 p.m. | 13 views

CVE-2019-5669

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of...

CVSS 7.8 | AI score 7.7 | EPSS 0.00041
Exploits: 0 | References: 2

OPENSUSE Linux
added 2018/09/08 12:14 p.m. | 99 views

Security update for nodejs4 (moderate)

This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer bsc1105019 - Upgrade to OpenSSL 1.0.2p, which fixed: - CVE-2018-0732: Client...

CVSS 5 | AI score 0.7 | EPSS 0.78382
Exploits: 0 | References: 5

Tenable Nessus
added 2018/01/23 12:00 a.m. | 231 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSH vulnerabilities (USN-3538-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3538-1 advisory. Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this iss...

CVSS 7.8 | AI score 7.3 | EPSS 0.02659
Exploits: 8 | References: 6

Ubuntu
added 2018/01/22 4:50 p.m. | 226 views

USN-3538-1: OpenSSH vulnerabilities

Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10009 Jann Horn discovered that OpenSSH...

CVSS 7.8 | AI score 7 | EPSS 0.02659
Exploits: 8

Check Point Advisories
added 2014/03/31 12:00 a.m. | 3 views

Apple QuickTime STSD JPEG Atom Heap Corruption - Ver2 (CVE-2009-0007)

Apple's QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous audio/video formats. There exists a heap buffer memory corruption vulnerability in Apple QuickTime. The vulnerability is due to lack...

CVSS 9.3 | AI score 7.6 | EPSS 0.36869
Exploits: 0

Check Point Advisories
added 2010/01/10 12:00 a.m. | 2 views

Apple QuickTime VR Track Header Atom Heap Corruption (CVE-2009-0002)

QuickTime is a media player application developed by Apple. It is capable of playing back numerous multimedia file formats from local file system or remote servers. There exists a heap buffer memory corruption vulnerability in Apple QuickTime. The vulnerability is due to a logic error while...

CVSS 9.3 | AI score 7.5 | EPSS 0.35669
Exploits: 0

Tenable Nessus
added 2009/09/24 12:00 a.m. | 31 views

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6267)

Three remote DoS vulnerabilities have been fixed in OpenSSL: a DTLS epoch record buffer memory DoS (CVE-2009-1377), a DTLS fragment handling memory DoS (CVE-2009-1378) and a DTLS fragment read after a free DoS (CVE-2009-1379). (C) Tenable Network Security, Inc. The text description of...

CVSS 5 | AI score 7.8 | EPSS 0.13245
Exploits: 14 | References: 6

Tenable Nessus
added 2009/07/21 12:00 a.m. | 43 views

openSUSE Security Update : libopenssl-devel (libopenssl-devel-907)

Three remote DoS vulnerabilities have been fixed in OpenSSL: a DTLS epoch record buffer memory DoS (CVE-2009-1377), a DTLS fragment handling memory DoS (CVE-2009-1378) and a DTLS fragment read after a free DoS (CVE-2009-1379). (C) Tenable Network Security, Inc. The descriptive text an...

CVSS 5 | AI score 7.8 | EPSS 0.13245
Exploits: 14 | References: 4

Tenable Nessus
added 2009/05/27 12:00 a.m. | 34 views

openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-6268)

Three remote DoS vulnerabilities have been fixed in OpenSSL: a DTLS epoch record buffer memory DoS (CVE-2009-1377), a DTLS fragment handling memory DoS (CVE-2009-1378) and a DTLS fragment read after a free DoS (CVE-2009-1379). (C) Tenable Network Security, Inc. The descriptive text an...

CVSS 5 | AI score 7.8 | EPSS 0.13245
Exploits: 14 | References: 3

Debian CVE
added 1976/01/01 12:00 a.m. | 0 views

CVE-2026-5761

virtio-blk: zone report buffer out-of-memory...

AI score 5.9
Exploits: 0