Tag

#dos

CVE-2021-46239: Invalid free in MP4Box · Issue #2026 · gpac/gpac

The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46238: stack overflow in gf_node_get_name () at scenegraph/base_scenegraph.c:1293 · Issue #2027 · gpac/gpac

GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).

CVE-2021-46243: Untrusted Pointer Dereference in H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c:499 · Issue #1326 · HDFGroup/hdf5

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46237: Untrusted pointer dereference in gf_node_unregister () at scenegraph/base_scenegraph.c:710 · Issue #2033 · gpac/gpac

An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46236: Null Pointer Dereference in gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c:667 · Issue #2024 · gpac/gpac

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46240: Null Pointer Dereference in gf_dump_vrml_sffield () at scene_manager/scene_dump.c:588 · Issue #2028 · gpac/gpac

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-23518: Snyk Vulnerability Database | Snyk

The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

CVE-2021-4032: mishandling of memory error during VCPU construction can lead to DoS

A vulnerability was found in the Linux kernel's KVM subsystem, in kvm_free_lapic in arch/x86/kvm/lapic.c, when an allocation failure was detected. With this flaw, the KVM subsystem may crash the kernel due to mishandling of memory errors that happen during VCPU construction, which allows an attacker with special user privileges to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.

CVE-2020-4879: Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

CVE-2021-44738: Lexmark Security Advisories

A buffer overflow vulnerability has been identified in the PostScript interpreter of Lexmark devices through 2021-12-07.