72 matches found
SUSE CVE-2009-1571
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory...
expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...
CVE-2022-45406
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5,...
Oracle Linux 8 : thunderbird (ELSA-2022-8547)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8547 advisory. 102.5.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.5.0-2 - Update to 102.5.0 build2 102.5.0-1 -...
Mozilla: Use-after-free of a JavaScript Realm
The Mozilla Foundation Security Advisory describes this flaw as: If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash...
CVE-2022-45406
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5,...
PT-2022-11229
Name of the Vulnerable Software and Affected Versions AMQ Broker affected versions not specified Description A flaw in AMQ Broker can cause a partial interruption to its availability via an Out of memory OOM condition. This issue allows an attacker to partially disrupt the broker's availability...
CVE-2022-26417 Rockwell Automation Studio 5000 Logix Designer Use After Free
Omron CX-Position versions 2.5.3 and prior is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code...
Design/Logic Flaw
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition...
CVE-2021-0257
On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs Modular Port Concentrators where Integrated Routing and Bridging IRB interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge CE devices may cause memo...
CVE-2020-5933
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...
Memory corruption
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service...
CVE-2019-9097
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service...
CVE-2019-10125
A flaw was found in the Linux kernel's aiopoll function. Due to incorrect logic, this flaw can create a use-after-free memory condition where an attacker could submit malicious input to possibly execute arbitrary code resulting in privilege escalation...
Memory corruption
An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs ...
CVE-2019-15215
A use-after-free vulnerability was found in the Linux kernel's cpia2usb driver. An attacker must have physical access to the system to utilize a malicious USB device to trigger the disconnect functionality which is required to trigger this flaw. A local account is also required to take advantage ...
Microsoft Windows JScript Array concat Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows JScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2014-9972
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition...
xen-tools -- libxl leak of pv kernel and initrd on error
The Xen Project reports: When constructing a guest which is configured to use a PV bootloader which runs as a userspace process in the toolstack domain e.g. pygrub libxl creates a mapping of the files to be used as kernel and initial ramdisk when building the guest domain. However if building the...
CentOS 5 : xen (CESA-2012:1130)
Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...