SUSE CVE-2013-4474

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service crash via format string specifiers in a destination filename...

SUSE CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

SUSE CVE-2017-7824

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR...

SUSE CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

Mozilla: Use-after-free in WebGL

The Mozilla Foundation Security Advisory describes this flaw as: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash...

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a confusion in the instructions responsible for freeing memory in Survey. An attacker could exploit the vulnerability t...

Mozilla: Incoherent instruction cache when building WASM on ARM64

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of inconsistent data in the instruction and data cache when creating wasm code, which could lead to a potentially exploitable crash...

Nginx代码问题漏洞

A denial of service vulnerability exists in Nginx NJS version 0.7.2, which stems from the njsvmcodearray component in /src/njsvmcode.c containing a NULL pointer dereference. An attacker could exploit this vulnerability to cause the program to crash...

SAP 3D Visual Enterprise Viewer 输入验证错误漏洞

SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces.SAP 3D Visual Enterprise Viewer is vulnerable to a...

swaylock 安全漏洞

swaylock is a screen locking utility for the Wayland synthesizer. A security vulnerability exists in swaylock versions prior to 1.6. This vulnerability allows an attacker to trigger a crash and gain unlocked access to the Wayland synthesizer...

Oracle MySQL 输入验证错误漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. The vulnerability can be exploited to read the contents of memory or crash the...

CVE-2021-37024

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash...

Binary vulnerability in Century Star configuration software of Beijing Century Changqiu Technology Co., Ltd (CNVD-2021-39296)

Century Star is a PC-based HMI configuration software developed by Beijing Century Changqiu Technology Co. A binary vulnerability exists in the Century Star configuration software of Beijing Century Changqiu Technology Co., Ltd. that can be exploited by an attacker to send a well-constructed pack...

DEBIAN-CVE-2021-28904

In function extgetplugin in libyang = v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmprevision, extpluginsu.revision will lead to a crash...

Exiv2 out-of-bounds read vulnerability (CNVD-2021-31753)

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An out-of-bounds read vulnerability exists in Exiv2 0.27.3 and earlier versions. An attacker can exploit this vulnerability to cause Exiv2 to crash via specially crafted image files...

Firefox unity-firefox-extension 安全漏洞

Firefox unity-firefox-extension is a Firefox open source application plug-in . Firefox unity-firefox-extension contains a security vulnerability that can be exploited by attackers to cause Firefox to crash...

Docker Resource Management Error Vulnerability (CNVD-2021-27276)

Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC

The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...

OpenLDAP Denial of Service Vulnerability (CNVD-2021-07937)

OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol LDAP. A denial of service vulnerability exists in ldapX509dn2bv in OpenLDAP versions prior to 2.4.57. An attacker can exploit this vulnerability to cause a slapd crash in the X.509 DN resolution of...