30 matches found
GHSA-CJW4-2W9R-R8MV Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
cordova-plugin-fingerprint-aio 安全漏洞
Cordova-Plugin-Fingerprint-Aio is a Cordova plugin from the German individual developer Niklas Merz. It is used for fingerprint sensors and FaceId. A security vulnerability exists in cordova-plugin-fingerprint-aio, which stems from the plugin's exported activity...
CVE-2019-3405
In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other wireless terminals connected to disconnect from the wireless, so as to attack the router...
CVE-2019-12410
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
Denial of Service Vulnerability in Android Client of JCG-AC836 Jetix Router
Ltd. is a professional manufacturer and operator of network and communication equipment, and is a leader in the field of manufacturing and marketing of client-side equipment for wireless local area networks in China. A denial-of-service vulnerability exists in the Android client of the JCG-AC836...
Apple Quicktime dref Atom Null Data Reference Entry Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0023 Apple Quicktime dref Atom Null Data Reference Entry Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7090 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size and type of a dat...
CVE-2015-1792
The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service infinite loop via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...
EUVD-2015-1918
The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service infinite loop via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...
oops in compat_sys_mount() when data pointer is NULL
The compatsysmount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service NULL pointer dereference and oops by mounting a smbfs file system in compatibility mode "mount -t smbfs"...