7654 matches found
CVE-2024-40841
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination...
CVE-2024-44161
CVE-2024-44161 is an out-of-bounds read vulnerability in macOS texture processing that could cause an application to terminate if a maliciously crafted texture is processed. The issue is mitigated by improved bounds checking and is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, and macOS Sequoia...
CVE-2024-44161
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination...
CVE-2024-44161
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Processing a maliciously crafted texture may lead to unexpected app termination...
CVE-2024-44176
CVE-2024-44176 describes an out-of-bounds access leading to a denial-of-service when processing an image. Affected products include macOS Ventura 13.7; macOS Sequoia 15; macOS Sonoma 14.7; iOS 17.7 and iPadOS 17.7; iOS 18 and iPadOS 18; visionOS 2; watchOS 11; tvOS 18. Remediation is via software...
CVE-2024-40841
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination...
CVE-2024-40841
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination...
CVE-2024-40841
CVE-2024-40841 is an out-of-bounds write vulnerability affecting macOS components (notably Apple Graphics/AppleVA) where processing a maliciously crafted video can cause an app to terminate. The issue is fixed in macOS Sonoma 14.7 and macOS Sequoia 15 via improved bounds/memory handling. Root cau...
CVE-2024-45801
A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting XSS attacks. Mitigation Mitigation for this issue is either not available or the...
CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
CVE-2024-45801 Tampering by prototype polution in DOMPurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
USN-7012-1: curl vulnerability
Hiroki Kurosawa discovered that curl incorrectly handled certain OCSP responses. This could result in bad certificates not being checked properly, contrary to expectations...
Google Android elevation of privilege vulnerability (CNVD-2024-45225)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by a lack of privilege checking in CreateofSettingsHomepageActivity.java, which can be exploited by an attacker to gain elevated privileges on the...
MPlayer Lite r33064 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MPlayer Lite M3U Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in MPlayer Lite r33064,...
CVE-2024-45023
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk readbalance will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery,...
CVE-2024-45023 md/raid1: Fix data corruption for degraded array with slow disk
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk readbalance will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery,...
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
...
comedi: vmk80xx: fix incomplete endpoint checking
...
CVE-2024-24972
Buffer Copy without Checking Size of Input CWE-120 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled default is off...