CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

Versionize 缓冲区错误漏洞

Versionize is a framework for version-tolerant serialization/deserialization of Rust data structures, designed for use cases that require fast deserialization times and minimal size overhead. Versionize suffers from a buffer error vulnerability that stems from an out-of-bounds memory access issue...

CVE-2022-42332

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging HAP is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as...

[SECURITY] Fedora 36 Update: redis-6.2.11-1.fc36

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVE-2023-0622 CVE-2023-0622

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project i.e. HMI files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these...

K15504: OpenSSH vulnerability CVE-2014-1692

Security Advisory Description The hashbuffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service memory corruption or have unspecifie...

The vulnerability of the PHP framework Yii, related to the restoration of unreliable data structures in memory, allows attackers to execute arbitrary code.

The vulnerability of the PHP framework Yii is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

SUSE CVE-2006-5757

Race condition in the findgetblockslow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service infinite loop by mounting a crafted ISO9660 filesystem containing malformed data structures...

SUSE CVE-2014-1692

The hashbuffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service memory corruption or have unspecified other impact via vectors tha...

SUSE CVE-2014-7934

Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...

SUSE CVE-2015-4556

The string-translate procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service crash...

[SECURITY] Fedora 37 Update: redis-7.0.8-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

GHSA-6RX9-889Q-VV2R Helm vulnerable to denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service atta...

[SECURITY] Fedora 36 Update: efl-1.26.3-1.fc36

EFL is a collection of libraries for handling many common tasks a developer may have such as data structures, communication, rendering, widgets and more...

[SECURITY] Fedora 37 Update: efl-1.26.3-1.fc37

EFL is a collection of libraries for handling many common tasks a developer may have such as data structures, communication, rendering, widgets and more...

Security Bulletin: Multiple Denial of Service vulnerabilities with Expat may affect IBM HTTP Server

Summary There are several vulnerabilities that may affect IBM HTTP Server that is used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending...

Denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...

mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

[SECURITY] Fedora 36 Update: golang-github-ledisdb-0.6-6.20210112gitd35789e.fc36

Ledisdb is a high-performance NoSQL database library and server written in Go. It's similar to Redis but store data in disk. It supports many data structures including kv, list, hash, zset, set. LedisDB now supports multiple different databases as backends...

mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...