Heap overflow
Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block...
CVE-2020-36149
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions e.g. in embedded environment...
CVE-2020-36151
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block...
Default credentials
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker...
CVE-2021-1065
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...
CVE-2021-1066
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...
CVE-2021-1065
CVE-2021-1065 affects NVIDIA vGPU manager (part of vGPU software): a vulnerability in the vGPU plugin where input data is not validated, potentially enabling data tampering or denial of service. Affected are vGPU versions 8.x (before 8.6) and 11.0 (before 11.3). NVIDIA’s security guidance indicat...
CVE-2021-1062
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...
CVE-2021-1058
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...
CVE-2020-27174
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...
CVE-2020-27173
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source i.e., standard input. This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all...
CVE-2020-5986
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x prior to 8.5, version 10.x prior to 10.4 and version 11.0...
CVE-2020-5986
The CVE-2020-5986 entry concerns NVIDIA Virtual GPU Manager. The vulnerability is due to the vGPU plugin not validating input data size, which may allow tampering or a denial of service. Affected are vGPU versions 8.x (before 8.5), 10.x (before 10.4), and 11.0. Connected sources (NVD, Red Hat, NV...
CVE-2020-5985
CVE-2020-5985 affects NVIDIA Virtual GPU Manager (vGPU plugin). The root cause is input data length not being validated in the vGPU plugin, which may lead to tampering or denial of service. Affected are vGPU 8.x (before 8.5), 10.x (before 10.4), and 11.0. NVIDIA’s security bulletin and accompanyi...
Vulnerability in the UDF component of MySQL Server (MySQL database management system) that allows an attacker to cause a service failure.
Vulnerability of the MySQL Server component: The UDF component of the MySQL database management system is vulnerable due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker to cause service interruptions...
Ubuntu 18.04 LTS / 20.04 LTS : OpenJDK vulnerabilities (USN-4433-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4433-1 advisory. Johannes Kuhn discovered that OpenJDK incorrectly handled access control contexts. An attacker could possibly use this issue to execute...
thrift: Endless loop when fed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
Vulnerability in the Envoy and Istio network software: they can enter an infinite loop when processing certain input data. This allows attackers to cause service failures.
The vulnerability in the Envoy and Istio network software is related to entering an infinite loop when certain input data is provided. Exploiting this vulnerability can allow an attacker to cause service failures...
Vulnerability in the Istio network software: it can enter an infinite loop when certain input data is provided. This allows a malicious actor to cause a service failure.
The vulnerability in the Istio network software is related to entering an infinite loop when certain input data is provided. Exploiting this vulnerability can allow an attacker to cause service failures...