662 matches found
SUSE CVE-2023-4575
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...
UBUNTU-CVE-2023-4575
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...
Mozilla Firefox 资源管理错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a Resource Management Error vulnerability that stems from the fact that when creating callbacks via IPC to display a file chooser window, multiple identical callbacks may be created at the same...
UBUNTU-CVE-2023-4574
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...
Mozilla Firefox 资源管理错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a resource management error vulnerability that stems from the fact that when creating a callback to display a color picker window via IPC, multiple identical callbacks may be created...
Reentrancy vulnerability in SGLLendingCommon._removeCollateral
Lines of code Vulnerability details Impact This vulnerability could allow an attacker to withdraw collateral from the SGLLendingCommon contract without actually removing it. This could result in a loss of funds for the lender. Proof of Concept The SGLLendingCommon.removeCollateral function is...
CVE-2023-3603
A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticat...
Ubuntu: Security Advisory (USN-6237-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The last error in swap.go#swapCoins() was not handled correctly.
Lines of code Vulnerability details Impact If the last statement of the swapCoins function returns an error, the swap is only half completed, i.e. only the user's assets are deducted transferred to the pool, but the user's bought assets are not sent to the user, resulting in a loss of the user's...
CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...
CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...
CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...
CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...
CVE-2023-34166
CVE-2023-34166 is linked to Huawei HarmonyOS in the provided documents. The Huawei/CNNVD entry describes a vulnerability in which an interface pass-in exception callback to APIs can cause a system reboot by an attacker. The NVD entry lists a CVSSv3.1 base score of 7.5 (Network, Low attack complex...
CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...
Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly
Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that makes use of usermode hooks and instrumentation...
kernel: scsi: target: iscsi: Fix a race condition between login_work and the login thread
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between loginwork and the login thread In case a malicious initiator sends some random data immediately after a login PDU; the iscsitargetskdataready callback will schedule the loginwork...
kernel: netfilter: nf_tables: netlink notifier might race to release objects
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: netlink notifier might race to release objects commit release path is invoked via callrcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to...
Fedora: Security Advisory for rubygem-activemodel (FEDORA-2023-7002afbbb8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: rubygem-activemodel-7.0.4.3-1.fc37
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...