114 matches found

Veracode
added 2019/05/02 5:12 a.m., 30 views

Buffer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

6.8 CVSS, 10.2 AI score, 0.04282 EPSS
Exploits: 0, References: 15, Affected Software: 6

Veracode
added 2018/07/06 1:56 a.m., 24 views

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution attacks. This can happen because it does not prevent the StackScriptFunction::BoxState::Box from accessing uninitialized pointers. This CVE ID is different from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,...

7.5 CVSS, 7.8 AI score, 0.69163 EPSS
Exploits: 20, References: 6, Affected Software: 2

OSV
added 2018/06/05 1:29 p.m., 0 views

DEBIAN-CVE-2018-11743

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact...

9.8 CVSS, 7.3 AI score, 0.02203 EPSS
Exploits: 1, References: 1

0day.today
added 2018/01/09 12:0 a.m., 56 views

Microsoft Edge Chakra JIT - Escape Analysis Bug Exploit

Exploit for windows platform in category dos / poc / Escape analysis: https://en.wikipedia.org/wiki/Escape_analysis Chakra fails to detect if "tmp" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values. PoC: / function opt let tmp = ; tmp0 = tmp;...

7.6 CVSS, 7.8 AI score, 0.62646 EPSS
Exploits: 3

exploitpack
added 2017/10/17 12:0 a.m., 8 views

Microsoft Edge Chakra - StackScriptFunction::BoxState::Box Accesses to Uninitialized Pointers (Denial of Service)

Microsoft Edge Chakra - StackScriptFunction::BoxState::Box Accesses to Uninitialized Pointers Denial of Service / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1338 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var...

0.6 AI score
Exploits: 0

Exploit DB
added 2017/10/17 12:0 a.m., 41 views

Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1338 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext, Js::Constants::MinStackInterpreter; closureInitDone...

7.4 AI score
Exploits: 0

0day.today
added 2017/10/15 12:0 a.m., 63 views

Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: Accesses to uninitialized pointers in StackScriptFunction::BoxState::Box CVE-2017-11809 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAM...

7.6 CVSS, 7.8 AI score, 0.68027 EPSS
Exploits: 3

Packet Storm
added 2017/10/14 12:0 a.m., 73 views

Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers

Microsoft Edge: Chakra: Accesses to uninitialized pointers in StackScriptFunction::BoxState::Box CVE-2017-11809 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext,...

0.68027 EPSS
Exploits: 3

CNVD
added 2017/02/22 12:0 a.m., 3 views

Autodesk FBX-SDK Security Bypass Vulnerability

Autodesk FBX-SDK is a free software development platform and API toolkit for C++ from Autodesk. A security vulnerability exists in Autodesk FBX-SDK 2017.0 and earlier versions. An attacker can exploit the vulnerability to gain access to uninitialized pointers...

9.8 CVSS, 7 AI score, 0.01204 EPSS
Exploits: 0, References: 1

OSV
added 2017/01/25 7:59 p.m., 8 views

CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

9.8 CVSS, 5.8 AI score, 0.01204 EPSS
Exploits: 0, References: 2

NVD
added 2017/01/25 7:59 p.m., 17 views

CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

9.8 CVSS, 9.6 AI score, 0.01204 EPSS
Exploits: 0, References: 2

Prion
added 2017/01/25 7:59 p.m., 16 views

Input validation

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

7.5 CVSS, 7.4 AI score, 0.01204 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/01/25 7:0 p.m., 22 views

CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

9.7 AI score, 0.01204 EPSS
Exploits: 0, References: 2

CVE
added 2017/01/25 7:0 p.m., 42 views

CVE-2016-9305

The CVE-2016-9305 entry concerns Autodesk FBX-SDK prior to 2017.1 where improper handling of type mismatches and deleted objects while reading/converting malformed FBX files can lead to access to uninitialized pointers. This vulnerability is described across multiple sources (including CNVD and N...

9.8 CVSS, 9.5 AI score, 0.01204 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2016/07/05 12:0 a.m., 5 views

The vulnerability of the Apple QuickTime multimedia package, which allows a malicious attacker to execute arbitrary code or cause a service failure.

Apple QuickTime software contains a vulnerability related to the absence of initialization for pointers. Exploiting this vulnerability allows an unauthorized attacker to execute arbitrary code or cause a system failure by using a specially crafted list of paths in the video file...

9.3 CVSS, 5.9 AI score, 0.03583 EPSS
Exploits: 1, References: 4, Affected Software: 1

CNVD
added 2015/04/15 12:0 a.m., 2 views

Chrony Memory Corruption Vulnerability

Chrony is a tool for computer time synchronization that implements the NTP protocol and can be used as both a client-side and a server-side program, which is particularly suitable for maintaining computer time accuracy in environments without network connectivity. Chrony has uninitialized pointer...

6.5 CVSS, 7 AI score, 0.02957 EPSS
Exploits: 0, References: 1

securityvulns
added 2015/01/14 12:0 a.m., 54 views

Microsoft Office multiple security vulnerabilities

Memory corruptions, index overflows, use-after-free, uninitialized pointers...

9.3 CVSS, 4.8 AI score, 0.19378 EPSS
Exploits: 0, Affected Software: 1

Amazon
added 2014/11/22 12:0 a.m., 36 views

Medium: libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel

Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws t...

6.8 CVSS, 9.5 AI score, 0.03082 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2014/10/13 9:6 p.m., 5 views

libXt: Memory corruption due to unchecked use of unchecked function pointers

A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client...

6.8 CVSS, 7.7 AI score, 0.02084 EPSS
Exploits: 0, References: 5

FreeBSD
added 2012/07/31 12:0 a.m., 29 views

Several vulnerabilities found in IcedTea-Web

The IcedTea project team reports: CVE-2012-3422: Use of uninitialized instance pointers An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw to make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the...

7.5 CVSS, 9.5 AI score, 0.06172 EPSS
Exploits: 1, References: 1