OSV-2021-861 Use-of-uninitialized-value in jxl::N_AVX2::FloatToRGBA8

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35231 Crash type: Use-of-uninitialized-value Crash state: jxl::NAVX2::FloatToRGBA8 jxl::FinalizeImageRect jxl::ThreadPool::RunCallStatejxl::FinalizeFrameDecoding...

OSV-2021-853 Heap-buffer-overflow in jxl::ThreadPool::RunCallState<jxl::ConvertToExternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35172 Crash type: Heap-buffer-overflow WRITE 4 Crash state: jxl::ThreadPool::RunCallStatejxl::ConvertToExternal jpegxl::ThreadParallelRunner::ThreadFunc void std::1::threadproxystd::1::tuplestd::1::uniqueptrstd::1::...

openSUSE: Security Advisory for gstreamer, (openSUSE-SU-2021:0822-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Design/Logic Flaw

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...

CVE-2021-29509

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...

Keepalive Connections Causing Denial Of Service in puma

Impact The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by...

Exploit for Use After Free in Microsoft

CVE-2019-0708-poc CVE-2019-0708 remote code execution vulnerab...

CVE-2018-18443

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview...

CVE-2018-18443

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview...

CVE-2018-18443

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview...

Memory corruption

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview...

CVE-2018-18443

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview...

CVE-2018-18443

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview...

CVE-2018-18443

CVE-2018-18443 affects OpenEXR 2.3.0, with a memory leak in ThreadPool (IlmBase/IlmThread/IlmThreadPool.cpp) demonstrated by exrmultiview. The vulnerability is documented in OpenEXR context and is reflected in vendor advisories that updated ilmbase/OpenEXR packages to fixed releases (e.g., Mageia...

CVE-2009-0080

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the LocalService account, which allows local users to gain privileges by leveraging...

Design/Logic Flaw

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the LocalService account, which allows local users to gain privileges by leveraging...

CVE-2009-0080

CVE-2009-0080 corresponds to the Windows Thread Pool ACL Weakness: a flaw in the ThreadPool isolation allows local users to elevate privileges by exploiting incorrect thread ACLs in processes that run under NetworkService or LocalService. The connected Microsoft security bulletin MS09-012 confirm...

VulnCheck KEV: CVE-2009-0080

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the LocalService account, which allows local users to gain privileges by leveraging...

Icecast Header Overwrite

This module exploits a buffer overflow in the header parsing of icecast versions 2.0.1 and earlier, discovered by Luigi Auriemma. Sending 32 HTTP headers will cause a write one past the end of a pointer array. On win32 this happens to overwrite the saved instruction pointer, and on linux dependin...