353 matches found
CVE-2015-0287
The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid write operation and memory...
CVE-2014-8738
CVE-2014-8738 affects GNU Binutils (libbfd/archive.c: _bfd_slurp_extended_name_table). A crafted extended name table in an archive can trigger an invalid write, leading to a denial of service (segmentation fault/crash). Public advisories across vendors cite binutils and libbfd as vulnerable, with...
CVE-2014-8738
The bfdslurpextendednametable function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service invalid write, segmentation fault, and crash via a crafted extended name table in an archive...
Code injection
The cairoxlibsurfaceaddglyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service invalid write operation via unspecified vectors...
Memory corruption found using Address Sanitizer — Mozilla
Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are...
update for chromium, v8 (important)
Chromium update to 21.0.1145 Fixed several issues around audio not playing with videos Crash Fixes Improvements to trackpad on Cr-48 Security Fixes bnc762481 - CVE-2011-3083: Browser crash with video + FTP - CVE-2011-3084: Load links from internal pages in their own process. - CVE-2011-3085: UI...
CVE-2011-3092
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service invalid write operation or possibly have unspecified other impact via unknown vectors...
Information disclosure
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service invalid write operation or possibly have unspecified other impact via unknown vectors...
CVE-2011-3092
CVE-2011-3092 : The Google V8 regex implementation (as used by Google Chrome prior to 19.0.1084.46) contains an invalid write in the regex engine, enabling a remote attacker to cause a denial of service. The description notes possible unspecified additional impact; no exploit vectors are detailed...
Multiple WebGL crashes — Mozilla
Mozilla security researcher Christoph Diehl reported two crashes in WebGL code. One crash was the result of an out-of-bounds read and could be used to read data from other processes who had stored data in the GPU. The severity of this issue was determined to be high. The second crash was the resu...
Design/Logic Flaw
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow 1 remote attackers to cause a denial of service invalid write and daemon crash by abruptly disconnecting during transmission of the map from the server, related to network/networkserver.cpp; 2 remote attackers to cause a...
CVE-2010-4168
Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow 1 remote attackers to cause a denial of service invalid write and daemon crash by abruptly disconnecting during transmission of the map from the server, related to network/networkserver.cpp; 2 remote attackers to cause a...
Fedora 12 : tar-1.22-12.fc12 (2010-4309)
CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially crafted archive 572149 - realloc within checkexclusiontags caused invalid write 570591 - not closing file descriptors for excluded files/dirs with exlude-tag... options could cause descriptor exhaustion 570591 - do not...