796 matches found
PT-2024-13091 · Qualcomm · Snapdragon +133
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves memory corruption that occurs when parsing an invalid mp2 clip in a video. Recommendations: At the moment, there is no information about a newer version that contains...
LibTIFF Denial of Service Vulnerability (CNVD-2024-06436)
LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains some command line tools for working with TIFF files. A denial of service vulnerability exists in LibTIFF, which stems from an out-of-memory issue that can be exploited by a remote attacker to...
EulerOS 2.0 SP10 : glibc (EulerOS-SA-2023-3177)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash...
USN-6563-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...
USN-6562-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-6865, CVE-2023-6857,...
The vulnerability of the NodeManagerOpcUa object handler of the Unified Automation UaGateway software migration tool allows an attacker to execute arbitrary code.
The vulnerability of the NodeManagerOpcUa object handler in the Unified Automation UaGateway migration software lies in the possibility of exploiting memory after it is released. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2023-35645 · Git +1 · Libavc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a check failure, specifically in the CheckUnwind function, which leads to a call to iv aligned free and then...
LibTIFF Security Vulnerability
LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF, which stems from a lack of memory, where passing a carefully crafted tiff file to the TIFFOpen AP...
USN-6467-1 krb5 vulnerability
Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing of uninitialized memory. An authenticated remote attacker could possibly use this issue to cause kadmind to crash, resulting in a denial of servic...
era-compiler-vyper security vulnerability
era-compiler-vyper is the EraVM Vyper compiler. A security vulnerability exists in versions of era-compiler-vyper prior to 1.3.10, which stems from the presence of a memory issue...
CVE-2023-45664
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger stbi__load_gif_main_outofmem attempt to double-free the out variable. This happens in stbi__load_gif_main because when the layers * stride value is zero the behavior is implementation defined, but common...
PT-2023-8852 · Vim +6 · Vim +6
Name of the Vulnerable Software and Affected Versions: vim versions prior to 9.0.2010 Description: The issue is related to a Use After Free vulnerability in the buf_contents_changed function of the vim text editor, which is associated with the use of memory after it has been freed. Exploitation o...
USN-6404-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-5169, CVE-2023-5170,...
PYSEC-2023-188
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...
MGASA-2023-0263 Updated curl packages fix security vulnerability
TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...
The vulnerability of the open_stream function in the file conversion utility for files with the .fig and .fig2dev extensions allows a malicious actor to cause a service failure by writing beyond the buffer boundaries in memory.
The vulnerability of the open_stream function in the file conversion utility for files with the .fig and .fig2dev extensions is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
USN-6368-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...
CVE-2023-30800 MikroTik RouterOS Web Interface Heap Corruption
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed ...
DEBIAN-CVE-2020-19724
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command...
UBUNTU-CVE-2020-19724
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command...