OSV-2020-1153 Heap-buffer-overflow in ih264d_cavlc_4x4res_block_totalcoeff_11to16
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16514 Crash type: Heap-buffer-overflow READ 4 Crash state: ih264d_cavlc_4x4res_block_totalcoeff_11to16 ih264d_cavlc_parse4x4coeff_n0to7 ih264d_cavlc_parse_8x8block_both_available...
OSV-2020-825 Index-out-of-bounds in tcg_liveness_analysis_arm
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23971 Crash type: Index-out-of-bounds Crash state: tcg_liveness_analysis_arm tcg_gen_code_arm cpu_arm_gen_code_arm...
OSV-2020-467 UNKNOWN READ in ot::MessageQueue::GetTail
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13345 Crash type: UNKNOWN READ Crash state: ot::MessageQueue::GetTail ot::Message::GetNext ot::MeshForwarder::GetDirectTransmission...
SUSE-SU-2020:1749-1 Security update for tigervnc
This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow...
OSV-2020-150 Segv on unknown address in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20457 Crash type: Segv on unknown address Crash state: std::1::basicstring, std::1::allocator, std::1::allocatorch wabt::BinaryReaderIR::OnDataSymbol...
CVE-2017-9105
An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution...
DEBIAN-CVE-2020-13898
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference...
unicorn:fuzz_emu_arm_armbe: Crash in cpu_arm_exec_armeb
Detailed Report: https://oss-fuzz.com/testcase?key=5637903001845760 Project: unicorn Fuzzing Engine: libFuzzer Fuzz Target: fuzz_emu_arm_armbe Job Type: libfuzzer_asan_unicorn Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000096ee7119 Crash State: cpu_arm_exec_armeb tcg_cpu_exec_armeb...
ghostscript:gstoraster_fuzzer: Crash in mem_mapped4_fill_rectangle
Detailed Report: https://oss-fuzz.com/testcase?key=5702235993669632 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstoraster_fuzzer Job Type: libfuzzer_asan_ghostscript Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000526dcdc Crash State: mem_mapped4_fill_rectangle...
CVE-2017-18695
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers who control a certain subdomain can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017)...
binutils:fuzz_disassemble: Use-of-uninitialized-value in bfd_h8_disassemble
Detailed Report: https://oss-fuzz.com/testcase?key=5715811911335936 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzz_disassemble Job Type: libfuzzer_msan_binutils Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: bfd_h8_disassemble fuzz_disassemble.c...
binutils:fuzz_disassemble: Use-of-uninitialized-value in find_format
Detailed Report: https://oss-fuzz.com/testcase?key=5114884783341568 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzz_disassemble Job Type: libfuzzer_msan_binutils Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: find_format print_insn_arc...
binutils:fuzz_disassemble: Use-of-uninitialized-value in loop_prim_n_bytes
Detailed Report: https://oss-fuzz.com/testcase?key=5652986874560512 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzz_disassemble Job Type: libfuzzer_msan_binutils Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: loop_prim_n_bytes decode_s12z print_insn_s12...
llvm:clang-fuzzer: Segv on unknown address in clang::FunctionProtoType::FunctionProtoType
Detailed Report: https://oss-fuzz.com/testcase?key=5650857535471616 Project: llvm Fuzzing Engine: libFuzzer Fuzz Target: clang-fuzzer Job Type: libfuzzer_msan_llvm Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: clang::FunctionProtoType::FunctionProtoType...
CVE-2013-4090
Varnish HTTP cache before 3.0.4: ACL bug...
CVE-2019-15615
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past...
Denial Of Service (DoS)
Folly is vulnerable to a denial of service (DoS) attack. It is possible because it causes an out-of-bounds read in AsyncSSLSocket due to mishandling of close_notify alerts...
CVE-2019-19308
In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL)...
user/group information can be corrupted across storing in fsimage and reading back from fsimage
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage...
cryptofuzz:cryptofuzz-openssl-noasm: Heap-buffer-overflow in load_u32_be
Project: https://github.com/guidovranken/cryptofuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5662852966252544 Project: cryptofuzz Fuzzing Engine: libFuzzer Fuzz Target: cryptofuzz-openssl-noasm Job Type: libfuzzer_asan_cryptofuzz Platform Id: linux Crash Type: Heap-buffer-overflow REA...