38 matches found
CVE-2023-1901
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
Null pointer dereference
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
CVE-2023-1901
The CVE concerns Zephyr's Bluetooth HCI host layer. The issue arises from not clearing a global reference to a semaphore after synchronously sending HCI commands, which may allow a malicious HCI Controller to reuse a dangling reference in the host layer. Reported impacts include DoS via a crash a...
CVE-2023-1902 HCI Connection Creation Dangling State Reference Re-use
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash DoS or potential RCE on the Host layer...
PT-2023-4151 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr affected versions not specified Description: The issue is related to a Bluetooth protocol implementation flaw in the Zephyr real-time operating system, involving the use of memory after it has been freed. This could allow a remote...
PT-2023-4150 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr affected versions not specified Description: The issue is related to the Bluetooth protocol implementation, specifically with the bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending...
SUSE CVE-2005-3784
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service crash and gain root privileges...
GHSA-C9H5-HF8R-M97X Dangling reference in flatbuffers
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. readscalar and readscalarat can transmute values without unsafe blocks...
Dangling reference in flatbuffers
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. readscalar and readscalarat can transmute values without unsafe blocks...
RUSTSEC-2020-0091 Dangling reference in `access::Map` with Constant
Using the arcswap::access::Map with the Constant test helper or with user-provided implementation of the Access trait could sometimes lead to the map returning dangling references. Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on...
`read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks
The readscalar and readscalarat functions are unsound because they allow transmuting values without unsafe blocks. The following example shows how to create a dangling reference: fn main deriveCopy, Clone, PartialEq, Debug struct S&'static str; impl flatbuffers::EndianScalar for S fn...
RUSTSEC-2020-0009 `read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks
The readscalar and readscalarat functions are unsound because they allow transmuting values without unsafe blocks. The following example shows how to create a dangling reference: fn main deriveCopy, Clone, PartialEq, Debug struct S&'static str; impl flatbuffers::EndianScalar for S fn...
CVE-2018-8174
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka “Windows VBScript Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...
Adobe Flash Player Memory Corruption (APSB16-25: CVE-2016-4232)
A memory leak vulnerability exists in Adobe Flash Player. The vulnerability is due to a dangling reference error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with ...
VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE 3rd party components: 1. Adobe Flash Player Plugin 11.5.502.110 | X:filever.exe /S "ProgramFilesAdobenpswf.dll" | x:program filesadobereader 11.0readernpswf.dll | --a-- W32i DLL ENU 11.5.502.110 shp 14,588,632 05-11-2013...
Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code...
Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way th...
security flaw
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service crash and gain root privileges...