4525 matches found
Design/Logic Flaw
The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions...
CVE-2022-29790
The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions...
CVE-2022-29790
Huawei HarmonyOS exposes a vulnerability in the graphics acceleration service where multi-threaded access to the graphics database can lead to service exceptions. The issue is described across multiple feeds (including Red Hat and CNVD entries) as a multi-thread access flaw in the graphics compon...
Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is...
GHSA-F2WR-C4C4-XJG7 Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is...
NewStart CGSL MAIN 6.02 : libwebp Multiple Vulnerabilities (NS-SA-2022-0065)
The remote NewStart CGSL host, running version MAIN 6.02, has libwebp packages installed that are affected by multiple vulnerabilities: - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16. The highest threat from this vulnerability is to data...
squirrel 缓冲区错误漏洞
squirrel is the stable version of the programming language SQUIRREL 3.2. A security vulnerability exists in squirrel version 3.2, which stems from the lack of a specific sqreservestack call to threadcall in sqbaselib.cpp. No detailed vulnerability details are currently available...
PT-2022-20051 · Squirrel +1 · Squirrel +1
Name of the Vulnerable Software and Affected Versions: SQUIRREL version 3.2 Description: The issue is a heap-based buffer overflow in sqbaselib.cpp due to the lack of a certain sq reservestack call. This occurs in the thread call function. There is no information provided about the estimated numb...
GHSA-XH22-FW58-56PP Robocode Arbitrary Code Execution
The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method...
Robocode Arbitrary Code Execution
The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method...
Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple...
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...
CVE-2022-24070
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
Mozilla: Use-after-free in NSSToken objects
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...
Mozilla: Use-after-free in NSSToken objects
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...
Mozilla: Use-after-free in NSSToken objects
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can cause Denial of...
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...
Mozilla: Use-after-free in NSSToken objects
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...
Mozilla: Use-after-free in NSSToken objects
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...