1025 matches found
GitHub Security Lab: ihsinme: CPP Add query for CWE-14 compiler removal of code to clear buffers.
This bug was reported directly to GitHub Security Lab...
CVE-2017-14451
An exploitable out-of-bounds read vulnerability exists in libevm Ethereum Virtual Machine of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send...
CVE-2017-14451
An exploitable out-of-bounds read vulnerability exists in libevm Ethereum Virtual Machine of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send...
CVE-2017-14451
CVE-2017-14451 is an exploitable out-of-bounds read in libevm (CPP‑Ethereum). The root cause, per TALOS/Red Hat/NVD details, is the pow2N function returning exp[_n] without bounds checks, with exp defined as size 6. The _type parameter (0–255) can drive laneCount/laneWidth to values beyond the ar...
CVE-2020-0409
In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8...
CVE-2020-0421
In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-...
CVE-2020-0408
In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0...
Integer overflow
In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0...
Out-of-bounds
In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-...
CVE-2020-0421
In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-...
CVE-2020-0421
CVE-2020-0421 is an Elevation of Privilege vulnerability in the Android Framework (affecting Android 8.0–11) that could allow a locally malicious app to bypass user interaction requirements and gain additional permissions. The root cause is described as an out-of-bounds write in String8.cpp (appe...
ASB-A-156999009
In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
...
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap HandleMap HandleFlowSequence HandleSequence HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
...
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
...
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
...
CVE-2019-6292 affecting package yaml-cpp 0.6.2-6
CVE-2019-6292 affecting package yaml-cpp 0.6.2-6. A patched version of the package is available...
CVE-2018-20574 affecting package yaml-cpp 0.6.2-6
CVE-2018-20574 affecting package yaml-cpp 0.6.2-6. A patched version of the package is available...
CVE-2019-6285 affecting package yaml-cpp 0.6.2-6
CVE-2019-6285 affecting package yaml-cpp 0.6.2-6. A patched version of the package is available...
CVE-2018-20573 affecting package yaml-cpp 0.6.2-6
CVE-2018-20573 affecting package yaml-cpp 0.6.2-6. A patched version of the package is available...