CVE-2023-21492

CVE-2023-21492 is a Samsung Mobile devices vulnerability where kernel pointers are printed to the log file, enabling a privileged, local attacker to bypass ASLR. Affected software relates to Samsung Mobile devices with the SMR May-2023 Release 1 context. The root cause is the insertion of sensiti...

Updated dcmtk packages fix security vulnerability

Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2021-41687, CVE-2021-41688, CVE-2021-41689,...

USN-5882-1: DCMTK vulnerabilities

Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2015-8979...

K05535399: Linux kernel vulnerability CVE-2017-17855

Security Advisory Description kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. CVE-2017-17855 Impact There is no impact; ...

HUAWEI EMUI information leakage vulnerability

HUAWEI EMUI is an Android-based mobile operating system developed by China's Huawei HUAWEI. version 12.0.0 of HUAWEI EMUI has an information disclosure vulnerability that stems from the improper use of pointers during data transfer in the video framework, which is used by attackers to affect devi...

CVE-2021-40012

Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality...

Design/Logic Flaw

Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality...

CVE-2021-40012

CVE-2021-40012 affects Huawei EMUI (notably EMUI 12.x) via the video framework where pointers are improperly used during data transmission, exposing confidentiality. Root cause: incorrect handling of pointers in the data transfer path within the video framework. Impact: information disclosure pot...

CVE-2021-40012

Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality...

abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

SUSE SLES12 Security Update : kernel (Live Patch 41 for SLE 12 SP3) (SUSE-SU-2021:4052-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4052-1 advisory. - In ip6xmit of ip6output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation o...

abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...

RUSTSEC-2021-0120 abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...

Assumed memory layout of std::net::SocketAddr

The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...

CVE-2021-1891

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon...

CVE-2021-28688

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...

Design/Logic Flaw

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...

Denial Of Service (DoS)

firefox is vulnerable to denial of service DoS. The vulnerability exists when the Compact method was called on an nsTArray, allowing the array to be reallocated without updating other pointers...

CVE-2019-10984

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers...