DEBIAN-CVE-2023-2008

A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to...

SUSE CVE-2023-27349

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the...

The vulnerability of the Microsoft Office software package, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Office package is related to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the Microsoft Visual Studio software allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio software development tool is related to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Autodesk Maya USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD...

Adobe Substance 3D Designer USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Substance 3D Designer USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Autodesk Maya USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD...

The vulnerability of the HTTP-based client profiling function in Cisco IOS XE allows a hacker to trigger a service failure.

The vulnerability of the HTTP-based client profiling function in Cisco IOS XE exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the IBM DB2 database management system, related to insufficient validation of input data, allows a hacker to trigger a service failure.

The vulnerability of the IBM DB2 database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure by executing the Load command...

USN-5997-1 ipmitool vulnerability

It was discovered that IPMItool was not properly checking the data received from a remote LAN party. A remote attacker could possibly use this issue to to cause a crash or arbitrary code execution...

CVE-2023-24724

A stored cross site scripting XSS vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface SASAdmin. F...

Microsoft Print 3D OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29422)

Corel CorelDRAW Graphics Suite is a vector graphics editing software from Corel Digital Technology Canada. Corel CorelDRAW Graphics Suite version 23.5.0.506 contains a buffer overflow vulnerability, which stems from a lack of proper validation of user-supplied data when parsing JP2 files and can ...

CVE-2022-43617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2022-43616

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2022-43612

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

CVE-2022-36977

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate...

CVE-2022-36978

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification...

CVE-2022-36974

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File...