Memory corruption
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...
UBUNTU-CVE-2021-37137
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...
CVE-2021-37136
CVE-2021-37136 : The Bzip2 decompression decoder can set no limit on the decompressed output size, affecting all Bzip2Decoder users. This under- or over-allocates memory during decompression and can trigger an OutOfMemoryError, enabling DoS. Connected IBM/ASTRA entries reiterate the same descript...
Netty Resource Management Error Vulnerability
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty suffers from a Resource Management Error vulnerability that stems from the Snappy frame decoder function not limiting th...
CVE-2021-37137
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...
CVE-2021-37137
CVE-2021-37137 involves Netty’s Snappy frame decoding where the SnappyFrameDecoder does not restrict the chunk length, enabling potential excessive memory usage. The issue can be triggered by crafted input that decompresses to a very large size (via network streams or files) or by sending a very ...
openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action
Open vSwitch aka openvswitch has a use-after-free in decode_NXAST_RAW_ENCAP called from ofpact_decode and ofpacts_decode during the decoding of a RAW_ENCAP action...
CVE-2021-41331
Windows Media Audio Decoder Remote Code Execution Vulnerability...
CVE-2021-41331
Windows Media Audio Decoder Remote Code Execution Vulnerability...
Remote code execution
Windows Media Audio Decoder Remote Code Execution Vulnerability...
CVE-2021-41331 Windows Media Audio Decoder Remote Code Execution Vulnerability
...
CVE-2021-41331
CVE-2021-41331 corresponds to a Windows Media Audio Decoder Remote Code Execution Vulnerability. Public documents (NVD/NVD-derived entries) describe impact as remote code execution with high-severity ratings: CVSS 3.1 base score 7.8 (LOCAL ATTACK VECTOR, PRIVILEGES NONE, UI REQUIRED; CONF/I/H = H...
Microsoft Windows Multiple Vulnerabilities (KB5006743)
This host is missing a critical security update according to Microsoft KB5006743...
Windows Media Audio Decoder Remote Code Execution Vulnerability
...
KLA12309 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service. Below is a...
PT-2021-4440 · Microsoft · Windows Media Audio Decoder +1
Name of the Vulnerable Software and Affected Versions: Windows Media Audio Decoder affected versions not specified Description: The issue is related to errors in code generation management in the Windows Media Audio Decoder. It allows remote attackers to execute arbitrary code and affect the...
CVE-2021-3510
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions = 1.14.0, = 2.5.0 contain Attempt to Access Child of a Non-structure Pointer CWE-588. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4...
CVE-2021-3510
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions = 1.14.0, = 2.5.0 contain Attempt to Access Child of a Non-structure Pointer CWE-588. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4...
Hardcoded credentials
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions = 1.14.0, = 2.5.0 contain Attempt to Access Child of a Non-structure Pointer CWE-588. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4...
CVE-2021-3510
CVE-2021-3510 affects Zephyr RTOS with the JSON decoder incorrectly decoding arrays, leading to an Attempt to Access Child of a Non-structure Pointer (CWE-588). The vulnerability is evidenced by multiple sources (NVD entry and related advisories) noting the Zephyr JSON decoder mishandling arrays ...