GHSA-CRVJ-3GJ9-GM2P High severity vulnerability that affects qs

Withdrawn, accidental duplicate publish. The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...

July 31, 2017—KB4032188 (OS Build 15063.502)

July 31, 2017—KB4032188 OS Build 15063.502 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue that causes a Microsoft Installer MSI application to fail for standard non-admin...

January 17, 2018—KB4057401 (Preview of Monthly Rollup)

January 17, 2018—KB4057401 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4056895 released January 8, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses...

Race condition

In the KGSL driver in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations...

CVE-2018-3571

In the KGSL driver in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations...

CVE-2018-3571

In the KGSL driver in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations...

The Ugly Duckling in factoring aka the filtering steps part I

People that knows me well are well aware that prime numbers have been my obsession since my childhood and they are source of continue interest for me. Actually thanks to cryptography they are a relevant part of my everyday life. One of the most important problem in cryptography since the discover...

CVE-2017-11079

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size...

CVE-2017-11080

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296...

Buffer overflow

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296...

Design/Logic Flaw

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size...

CVE-2017-11079

Technical details for CVE-2017-11079 are not publicly available in the provided documents. Monitor for updates from authoritative sources.

CVE-2017-11079

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size...

MsMpEng: UIF decoder will spin forever processing sparse blocks

The UIF Universal Image Format is a proprietary file format used by the old shareware utility MagicISO. Microsoft have a dedicated unpacker for UIF that runs as SYSTEM on all filesystem activity !?!. The UIF format has an index structure at a fixed offset from the end of the file, with a pointer ...

CVE-2015-8888

CVE-2015-8888 affects the Qualcomm component in Android on Nexus 5. An integer overflow in the file app/aboot/aboot.c can be triggered by crafted block count and block size in a sparse header, allowing bypass of access restrictions. This is tied to Android prior to 2016-07-05 (Android bug 2882246...

nodejs-qs: Denial-of-Service Memory Exhaustion

The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash...

[SECURITY] Fedora 21 Update: MUMPS-5.0.1-4.fc21

MUMPS implements a direct solver for large sparse linear systems, with a particular focus on symmetric positive definite matrices. It can operate on distributed matrices e.g. over a cluster. It has Fortran and C interfaces, and can interface with ordering tools such as Scotch...

[SECURITY] Fedora 23 Update: MUMPS-5.0.1-4.fc23

MUMPS implements a direct solver for large sparse linear systems, with a particular focus on symmetric positive definite matrices. It can operate on distributed matrices e.g. over a cluster. It has Fortran and C interfaces, and can interface with ordering tools such as Scotch...

[SECURITY] Fedora 21 Update: metis-5.1.0-7.fc21

METIS is a set of serial programs for partitioning graphs, partitioning finite element meshes, and producing fill reducing orderings for sparse matrices. The algorithms implemented in METIS are based on the multilevel recursive-bisection, multilevel k-way, and multi-constraint partitioning scheme...

[SECURITY] Fedora 23 Update: metis-5.1.0-7.fc23

METIS is a set of serial programs for partitioning graphs, partitioning finite element meshes, and producing fill reducing orderings for sparse matrices. The algorithms implemented in METIS are based on the multilevel recursive-bisection, multilevel k-way, and multi-constraint partitioning scheme...