246 matches found
DEBIAN-CVE-2020-14314
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system...
ndpi:fuzz_process_packet: Use-of-uninitialized-value in ndpi_check_dga_name
Project: https://github.com/ntop/nDPI.git Detailed Report: https://oss-fuzz.com/testcase?key=5641543770439680 Project: ndpi Fuzzing Engine: libFuzzer Fuzz Target: fuzzprocesspacket Job Type: libfuzzermsanndpi Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
Microsoft Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in the Microsoft Windows CNG Key Isolation Service, which...
CVE-2020-12426
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 78...
The vulnerability of the component libvncserver/hextile.c in the cross-platform library LibVNCServer allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the libvncserver/hextile.c component of the cross-platform library LibVNCServer arises from an operation that occurs outside the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility...
Microsoft Windows ActiveX Installer Service Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. ActiveX Installer Service is one of the ActiveX installer services. A privilege extraction...
ALPINE-CVE-2019-19344
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc while other local variables still point at the original buffer...
keystone:fuzz_asm_mipsbe: Use-of-uninitialized-value in MipsAsmParser::isPicAndNotNxxAbi
Detailed Report: https://oss-fuzz.com/testcase?key=5086719271763968 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzzasmmipsbe Job Type: libfuzzermsankeystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: MipsAsmParser::isPicAndNotNxxAbi...
libhtp:fuzz_htp: Crash in htp_connp_res_buffer
Project: https://github.com/OISF/libhtp.git Detailed Report: https://oss-fuzz.com/testcase?key=5746994274631680 Project: libhtp Fuzzing Engine: libFuzzer Fuzz Target: fuzzhtp Job Type: libfuzzermsanlibhtp Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x701000010000 Crash State:...
UBUNTU-CVE-2019-13688
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2019-12408
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
CVE-2019-12408
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
CVE-2019-12408
CVE-2019-12408 affects the C++ implementation of Apache Arrow (used by R, Python, and Ruby bindings) in versions 0.14.0–0.14.1. A memory bug occurs when building arrays with null values, causing uninitialized memory to potentially be shared when Arrow Arrays are transmitted (e.g., via Flight) or ...
imagemagick/crop_fuzzer: Use-of-uninitialized-value in LibRaw::copy_bayer
Detailed report: https://oss-fuzz.com/testcase?key=5715945613426688 Project: imagemagick Fuzzer: libFuzzerimagemagickcropfuzzer Fuzz target binary: cropfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::copybayer...
lzma/7z_fuzzer: Use-of-uninitialized-value in CrcUpdateT8
Detailed report: https://oss-fuzz.com/testcase?key=5695345578737664 Project: lzma Fuzzer: libFuzzerlzma7zfuzzer Fuzz target binary: 7zfuzzer Job Type: libfuzzermsanlzma Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: CrcUpdateT8 CrcCalc SzArExExtract Sanitize...
imagemagick/encoder_heic_fuzzer: Use-of-uninitialized-value in residual_coding
Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5666807308877824 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderheicfuzzer Fuzz target binary: encoderheicfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...
CVE-2018-9557
In reallyinstallpackage of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0...
chromium-browser: Out of bounds memory access in V8
Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...
dav1d/dav1d_fuzzer_mt: Use-of-uninitialized-value in apply_to_row_y
Detailed report: https://oss-fuzz.com/testcase?key=5652400153559040 Project: dav1d Fuzzer: libFuzzerdav1dfuzzermt Fuzz target binary: dav1dfuzzermt Job Type: libfuzzermsandav1d Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: applytorowy dav1dapplygrain8bpc...
Security Bulletin: Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified (CVE-2014-1562, CVE-2014-1567)
Summary There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.3.0.0 to 1.4.3.4 and 1.5.0.0 to 1.5.0.2 of IBM Storwize V7000 Unified Vulnerability Details IBM Storwize V7000 Unified is shipped with Mozilla Firefox, although Firefox is not used during...