581 matches found
USN-4710-1: Linux kernel vulnerability
Kiyin 尹亮 discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion)...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4711-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4711-1 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY...
The vulnerability in the implementation of the AES-GCM mode of the WebCrypto API interface of Mozilla Firefox allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in the implementation of the AES-GCM mode of the WebCrypto API interface in the Mozilla Firefox browser relates to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability in the frame loader of Firefox, Firefox ESR, and the Thunderbird email client allows a hacker to induce a service failure.
The vulnerability in the frame loader of Firefox, Firefox ESR, and the Thunderbird email client is related to the use of memory after deallocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of Firefox browsers, Firefox ESR, and the Thunderbird email client, related to the use of memory after release, allows a hacker to trigger a service failure.
The vulnerabilities of Firefox, Firefox ESR, and the email client Thunderbird are related to the use of memory after deallocation. Exploiting these vulnerabilities can allow a remote attacker to cause service interruptions...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4679-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4679-1 advisory. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose...
CVE-2020-35885
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation...
CVE-2020-35885
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation...
Memory corruption
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation...
CVE-2020-35885
The CVE-2020-35885 issue affects the Rust alpm-rs crate, where StrcCtx deallocates a memory region it does not own. This memory-safety flaw can lead to double-free or use-after-free conditions, as documented by associated advisories (e.g., RUSTSEC-2020-0032 and GHSA entries) and related OSV/NVD r...
CVE-2020-35885
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation...
The vulnerability of SMIL animation functions in the Firefox and Firefox ESR browsers and the Thunderbird email client allows a perpetrator to trigger a service failure.
The vulnerability of SMIL animation functions in the Firefox and Firefox ESR browsers and the Thunderbird email client relates to the use of memory after deallocation. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of Firefox browsers, Firefox ESR, and the Thunderbird email client, related to the use of memory after release, allows a hacker to trigger a service failure.
The vulnerabilities of the Firefox browser, Firefox ESR, and the Thunderbird email client are related to the use of memory after deallocation. Exploiting these vulnerabilities can allow a remote attacker to cause service interruptions...
Xen Security Vulnerabilities
Xen is a product of the University of Cambridge UK. Xen is an open source virtual machine monitor product. Service is a computer monitoring and classroom management software for Windows and Linux. effect is a product of the University of Cambridge UK. effect is a software package for adding image...
The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion allows a malicious actor to execute arbitrary code, cause system failures, or gain unauthorized access to protected information.
The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion relates to the use of memory after deallocation. Exploiting this vulnerability can allow an attacker to execute arbitrary code, cause system failures, or gain unauthorized access to protecte...
CVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that is the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra...
UBUNTU-CVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that is the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra...
CVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that is the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra...
Null pointer dereference
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that is the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra...
CVE-2020-15254
CVE-2020-15254 concerns Crossbeam-channel’s bounded channel in versions before 0.4.4. The root cause is an unsound assumption: Vec::from_iter may not allocate capacity equal to the number of iterator elements, causing the bounded channel’s destructor to reconstruct a Vec with an incorrect capacit...