RSS   Vulnerabilities for 'LEAP'   RSS

2022-01-06
 
CVE-2021-46141

CWE-416
 

 
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

 
 
CVE-2021-46142

CWE-416
 

 
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

 
2021-02-09
 
CVE-2021-26676

NVD-CWE-noinfo
 

 
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

 
 
CVE-2021-26675

CWE-787
 

 
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

 
2020-11-03
 
CVE-2020-16008

CWE-787
 

 
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

 
 
CVE-2020-16007

CWE-20
 

 
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

 
2020-10-29
 
CVE-2020-14323

CWE-476
 

 
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

 
2020-10-22
 
CVE-2020-15683

NVD-CWE-noinfo
 

 
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

 
2020-10-16
 
CVE-2020-25829

NVD-CWE-noinfo
 

 
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).

 
2020-09-30
 
CVE-2020-14377

CWE-125
 

 
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.

 


Copyright 2022, cxsecurity.com

 

Back to Top