18 matches found
Exploit for Type Confusion in Google Chrome
CVE-2024-5274 authors: @mistymntncop, @buptsb Shoutout to @bup...
CVE-2024-42236
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy(). Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form if (str[0 - 1] == '\n') followed...
CVE-2024-42236
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy(). Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form if (str[0 - 1] == '\n') followed...
CVE-2024-42236
CVE-2024-42236 affects the Linux kernel in the usb gadget configfs string handling. The vulnerability arises from not validating userspace-provided strings that can be empty, enabling an out-of-bounds (OOB) read at str[0-1] and a subsequent OOB write to str[0-1] = '\0'. The issue is fixed by addi...
BIT-TENSORFLOW-2022-23574 Out of bounds read and write in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...
CVE-2023-21367
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Integer overflow in TFLite
Impact An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations: cc int embeddingsize = 1; int lookupsize = 1; for int i = 0; i data.i32i; lookupsize = dim; outputshape-datak = dim; for int i = 1; i datak = dim; Both embeddingsize and lookupsize are...
CVE-2022-23559
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embedding_size and lookup_size are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
Integer overflow
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embedding_size and lookup_size are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
PYSEC-2022-83
Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...
CVE-2022-23559 Integer overflow in TFLite
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embedding_size and lookup_size are products of values provided by the user. Hence, a malicious user could trigger overflows in the...
SUSE: Security Advisory (SUSE-SU-2013:1175-1)
The remote host is missing an update for the...
SUSE-SU-2021:14706-1 Security update for kvm
This update for kvm fixes the following issues: - Fix OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383) - Fix use-after-free in usb xhci packet...
ReadyTalk Avian JVM FileOutputStream.write() Integer Overflow
Vulnerability title: Avian JVM FileOutputStream.write Integer Overflow Author: Pietro Oliva Vendor: ReadyTalk Product: Avian JVM Affected version: 1.2.0 before 27th October 2020 Fixed Version: 1.2.0 since 27th October 2020 Description: The issue is located in the FileOutputStream.write method...
Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation Exploit
Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then...
SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)
This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 (bsc#999665) Severity: High - OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low - Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) - Constant time flag no...
qemu: multiple issues
CVE-2015-8558 (denial of service): An infinite-loop issue was found in the QEMU emulator built with USB EHCI emulation support. The flaw occurred during communication between the host controller interface (EHCI) and a respective device driver. These two communicate using an isochronous transfer...
RHEL 6 : mesa (RHSA-2013:0897)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0897 advisory. - Mesa: Memory corruption (OOB read/write) on intel drivers (CVE-2013-1872) - Mesa: Multiple integer overflows leading to heap-based buffer...