1658 matches found
The vulnerability of Blink’s web page display mechanism in the Google Chrome web browser allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.
The vulnerability of Blink’s web page display mechanism in the Google Chrome browser is related to the use of pointers after memory release. Exploiting this vulnerability could allow an attacker to compromise data integrity, gain unauthorized access to protected information, and cause service...
CVE-2019-10984
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers...
CVE-2019-5067
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this...
PT-2019-12122 · Red Lion Controls · Crimson
Name of the Vulnerable Software and Affected Versions: Red Lion Controls Crimson versions 3.0 and prior; Red Lion Controls Crimson version 3.1 prior to release 3112.00. Description: The issue allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious inpu...
RUSTSEC-2019-0023 Cloned interners may read already dropped strings
Affected versions of this crate did not clone contained strings when an interner is cloned. Interners have raw pointers to the contained strings, and they keep pointing to the strings which the old interner owns, after the interner is cloned. If a new cloned interner is alive and the old original...
Reverse-CTF, Snort rule challenge and more — What to expect from Talos at Defcon
Want to get up close and personal with Talos researchers? Then be sure to stick around for the second half of “Hacker Summercamp:” Defcon. After our series of talks at Blackhat, we’re headed elsewhere on the strip for Defcon. Specifically, we’ll have a huge presence at this year’s Blue Team...
haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...
Memory Out-of-Bounds Access Vulnerability in CAJ Reading Tool
CAJviewer and CAJ Cloud Reader are specialized full-text format readers for China Journal Network. A memory out-of-bounds access vulnerability exists in the CAJ Reader tool when parsing malformed CAJ documents. The vulnerability is due to the program using wild pointers for memory reads when...
CVE-2019-2052
In VisitPointers of heap.cc, there is a possible out-of-bounds read due to type confusion. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1...
RUSTSEC-2019-0002 Bug in SliceDeque::move_head_unchecked corrupts its memory
Affected versions of this crate entered a corrupted state if mem::size_of::<T>() % allocation_granularity() != 0 and a specific allocation pattern was used: sufficiently shifting the deque elements over the mirrored page boundary. This allows an attacker that controls both element insertion and...
Google Android System heap.cc file buffer overflow vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A buffer overflow vulnerability exists in the VisitPointers of the heap.cc file in Android. The vulnerability stems from a networked system or product performing operations in memory without...
Buffer Overflow
The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...
HAProxy Compressed Name Denial of Service (CVE-2018-20103)
A denial-of-service vulnerability has been reported in HAProxy. The vulnerability is due to incorrect handling of compressed pointers. Successful exploitation of this vulnerability could lead to a denial of service condition...
CVE-2018-6269
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates...
Linux kernel pointer dereference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the expand_downwards function of the mm/mmap.c file in versions of Linux kernel prior to 4.20.14. An attacker can exploit this vulnerability t...
DEBIAN-CVE-2019-9208
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences...