59 matches found
CVE-2012-2674
Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a lar...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Synapse vulnerabilities (USN-7444-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7444-1 advisory. It was discovered that Synapse network policies could be bypassed via specially crafted URLs. An attacker could possibly use this...
Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2025-006 (ALASPHP8.1-2025-006)
The version of php installed on the remote host is prior to 8.1.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...
Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2025-006 (ALASPHP8.2-2025-006)
The version of php installed on the remote host is prior to 8.2.27-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...
ROS-20241002-05
A vulnerability in the PWM device driver of the Linux kernel is related to reading memory outside of the allocated buffer. Exploitation of the vulnerability could allow an intruder to affect the confidentiality, integrity and availability of protected information. Vulnerability o...
CVE-2024-35994
A vulnerability was found in the Qualcomm firmware driver qcom_qseecom_uefisecapp in the Linux kernel. It arises from incorrect memory allocation for request and response buffers in the QSEECOM APP_SEND command. The driver expects both buffers to be in a single memory region, but they are allocated...
CVE-2024-35994
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes. It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory...
CVE-2024-35994 firmware: qcom: uefisecapp: Fix memory related IO errors and crashes
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes. It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory...
Advisory ROSA-SA-2024-2325
Software: tigervnc 1.8.0; OS: rosa-server79; packageevrstring: tigervnc-1.8.0-28.res7; CVE-ID: CVE-2023-5367; BDU-ID: 2023-07145; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the X Window System Xorg-server XIChangeDeviceProperty (Xi/xiproperty.c) and RRChangeOutputProperty (randr/rrproperty.c) functions...
Android is slowly mastering memory management vulnerabilities
Recently we wrote about why the NSA wants you to shift to memory safe programming languages. The short version is: If you ever read our posts describing security vulnerabilities, you will see a lot of phrases like "buffer overflow", "failure to release memory", "use after free", "memory...
ROS-20211223-07
A vulnerability in the BusyBox command-line utility suite is related to reading beyond memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause an out-of-bounds read error and read the contents of memory on the system or perform a denial of service (DoS) attack. A...
FreeBSD : jasper -- multiple vulnerabilities (3a469cbc-7a66-11eb-bd3f-08002728f74c)
JasPer Releases : - Fix memory-related bugs in the JPEG-2000 codec resulting from attempting to decode invalid code streams. 264, 265 This fix is associated with CVE-2021-26926 and CVE-2021-26927. - Fix wrong return value under some compilers 260 - Fix CVE-2021-3272 heap buffer overflow in...
jasper -- multiple vulnerabilities
JasPer Releases: - Fix memory-related bugs in the JPEG-2000 codec resulting from attempting to decode invalid code streams. 264, 265 This fix is associated with CVE-2021-26926 and CVE-2021-26927. - Fix wrong return value under some compilers 260 - Fix CVE-2021-3272 heap buffer overflow in jp2deco...
SUSE-SU-2020:2237-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. - bsc1161883, bsc1174458 - qemu: Setup emulator thread and cpuset.mems before exec - bsc1171946 - libxl:...
CVE-2019-15924
A flaw was found in the way the fm10k driver in the Linux kernel reacted to memory-related errors during driver initialization. This flaw allows a local attacker to cause a denial of service and crash the system. Mitigation: To mitigate this issue, prevent module fm10k from being loaded. Please se...
The vulnerability of the Internet Explorer web browser’s script handler allows a hacker to execute arbitrary code.
The vulnerability of the Internet Explorer web browser’s script handler is related to memory-related object handling flaws. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...
Detecting credential theft through memory access modelling with Microsoft Defender ATP
Stealing user credentials is a key step for attackers to move laterally across victim networks. In today’s attacks, we see a range of tools used to achieve credential theft, requiring protections that target the root behavior and not just individual known tools as is often done by traditional...
Denial Of Service (DoS)
boost is vulnerable to denial of service (DoS) attacks. An integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a...
Adobe Patches 13 Code Execution Vulnerabilities in Flash
Adobe patched 13 code execution vulnerabilities in Flash Player today as part of its regular patch update cycle. All of the flaws were rated the highest severity for Windows, macOS and Chrome. Adobe said that Flash version 24.0.0.194 and earlier are vulnerable and that users should update...