chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 1513379 High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg @malcolmst of SODIUM-24, LLC on 2023-12-20...
Google Chrome < 120.0.6099.216 Vulnerability
The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.216. It is, therefore, affected by a vulnerability as referenced in the 202401stable-channel-update-for-desktop9 advisory. - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216...
Google Chrome < 120.0.6099.216 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 120.0.6099.216. It is, therefore, affected by a vulnerability as referenced in the 202401stable-channel-update-for-desktop9 advisory. - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216...
qt5-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 8 security bugs in Chromium: 1505053 High CVE-2023-6345: Integer overflow in Skia; 1501326 High CVE-2023-6702: Type Confusion in V8; 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC; 1501798 High CVE-2024-0222: Use after free in ANGLE...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 15 security bugs in Chromium: 1505053 High CVE-2023-6345: Integer overflow in Skia; 1500856 High CVE-2023-6346: Use after free in WebAudio; 1494461 High CVE-2023-6347: Use after free in Mojo; 1501326 High CVE-2023-6702: Type Confusion in V8; 1502102...
Design/Logic Flaw
A vulnerability has been identified in syngo fastView All versions. The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of...
CVE-2021-40367
A vulnerability has been identified in syngo fastView All versions. The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to...
CVE-2021-45465
A vulnerability has been identified in syngo fastView All versions. The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of...
X.Org Server RRChangeOutputProperty Integer Overflow Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling...
Kofax Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP...
Kofax Power PDF OXPS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXP...
SUSE CVE-2023-50229
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...
Tenda i29 sysScheduleRebootSet method buffer overflow vulnerability
The Tenda i29 is a wireless router from the Chinese company Tenda. The Tenda i29 suffers from a buffer overflow vulnerability that originates from the rebootTime parameter of the sysScheduleRebootSet method failing to correctly validate the length of the input data, which can be exploited by a...
GLSA-202312-07 : QtWebEngine: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-07 QtWebEngine: Multiple Vulnerabilities - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
A vulnerability in MediaTek 5G wireless communication modules, related to insufficient validation of input data, allows attackers to trigger service interruptions.
A vulnerability in MediaTek 5G wireless communication modules is related to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to cause service failures...
(0Day) BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of OB...
Foxit PDF Reader Doc Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...
oFono SMS Decoder Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of...
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone...