Security Bulletin: A MongoDB zlib protocol flaw lets unauthenticated clients read uninitialized heap memory in multiple versions prior to patched releases.

Summary Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to...

Use After Free

chromium is vulnerable to Use After Free.The vulnerability is due to improper handling of memory objects, potentially leading to heap corruption when processing a crafted HTML page...

ASB-A-294609150

In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

ROS-20231115-01

A vulnerability in the Squid proxy server related to the execution of a "buffer overflow" attack, writing up to 2MB of of arbitrary data to the memory heap when Squid is configured to accept HTTP Digest Authentication. Exploitation of the vulnerability could allow an attacker acting remotely to...

Denial Of Service (DOS)

The net.sf.sojo.sojo library is vulnerable to Denial Of Service Attack DOS . The vulnerability is due to not restricting user supplied JSON and CSV to a maximum length causing Stack Overflow Error/Out Of Memory -Heap Error when the input is parsed leading to Denial Of Service DOS attack...

curl 资源管理错误漏洞

curl is a tool for transferring data from or to a server. A resource management error vulnerability exists in curl versions 7.57.0 through 7.83.1, which stems from the lack of a limit on the number of links in the chained HTTP compression algorithm supported by curl. An attacker exploiting this...

CVE-2020-35512

A use-after-free flaw was found in D-Bus Development branch = 1.13.16, dbus-1.12.x stable branch = 1.12.18, and dbus-1.10.x and older branches = 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in...

CVE-2020-35512

A use-after-free flaw was found in D-Bus Development branch = 1.13.16, dbus-1.12.x stable branch = 1.12.18, and dbus-1.10.x and older branches = 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in...

CVE-2020-35512

A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly...

CVE-2020-3982

VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x, Fusion 11.x before 11.5.6 contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative...

CVE-2020-3982

VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x, Fusion 11.x before 11.5.6 contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative...

Clario: Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com

Summary Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com. Steps To Reproduce Go to: https://api-ne.mackeeper.com/debug/pprof/ You will see these links: - allocs: A sampling of all past memory allocations - block: Stack traces that led to blocking on synchronization primitives...

Abyss Web Server < 2.11.6 - Heap Memory Corruption

Exploit for windows platform in category dos / poc + Credits: John Page aka HyP3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt + ISR: ApparitionSec Vendor: ========== aprelium.com Product: =========== Abys...

Abyss Web Server Memory Heap Corruption

Credits: John Page aka HyP3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt + ISR: ApparitionSec Vendor: ========== aprelium.com Product: =========== Abyss Web Server v2.11.6 Vulnerability Type:...

Abyss Web Server &lt; 2.11.6 - Heap Memory Corruption

Credits: John Page aka HyP3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt + ISR: ApparitionSec Vendor: ========== aprelium.com Product: =========== Abyss Web Server v2.11.6 Vulnerability Type:...

CVE-2016-0846

libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

Avast - Authenticode Parsing Memory Corruption

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=668 The attached PE file causes memory corruption in Avast, it looks related to authenticode parsing. 474.c0c: Access violation - code c0000005 first chance First chance...

Huawei Mate7 memory Safety vulnerabilities, the versions affected-vulnerability warning-the black bar safety net

! Background description: The vulnerability by qimingxing e active Defense labADLABthe piece wise and smell the concept of rows found, and in 2 0 1 5 year 1 1 July 4, the convening of the CSS China's Internet Security Leaders Summit on disclosure. In the vulnerability information before the publi...

Huawei Mate7 HIFI Driver Memory Heap Overflow Vulnerability

The Huawei Mate7 is a smartphone product from the Chinese company Huawei Huawei. A memory heap overflow vulnerability exists in the HIFI driver of the Huawei Mate7. An attacker can exploit this vulnerability by tricking the user into installing a malicious application to read and modify memory...