CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2021-12-22
Low
CVE-2021-45261

Vendor: GNU
Software: Patch
 

 
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

 
2021-11-17
Medium
CVE-2021-3939

Vendor: Canonical
Software: Accountsservice
 

 
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

 
2021-11-15
Medium
CVE-2020-12963

Updating...
 

 
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.

 
Medium
CVE-2021-42377

Vendor: Busybox
Software: Busybox
 

 
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

 
2021-08-05
Medium
CVE-2021-3682

Vendor: QEMU
Software: QEMU
 

 
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

 
2021-07-01
Medium
CVE-2020-36404

Updating...
 

 
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl.

 
2021-06-11
Medium
CVE-2021-22760

Vendor: Schneider-electric
Software: Interactive ...
 

 
A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

 
2021-05-06
Medium
CVE-2021-30473

Vendor: Aomedia
Software: Aomedia
 

 
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.

 
2021-04-14
Medium
CVE-2021-24028

Vendor: Facebook
Software: Thrift
 

 
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

 
2021-03-23
Medium
CVE-2021-21401

Vendor: Nanopb project
Software: Nanopb
 

 
Nanopb is a small code-size Protocol Buffers implementation in ANSI C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. This has been fixed in versions 0.3.9.8 and 0.4.5. See referenced GitHub Security Advisory for more information including workarounds.

 

 


Copyright 2022, cxsecurity.com

 
