796 matches found

OSV
added 2023/08/14 11:15 p.m. · 1 views

DEBIAN-CVE-2023-28198

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution...

8.8 CVSS · 7 AI score · 0.00071 EPSS
Exploits 0 · References 1
OSV
added 2023/08/06 11:5 a.m. · 1 views

OESA-2023-1469 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8 CVSS · 7.5 AI score · 0.00097 EPSS
Exploits 1 · References 6
Positive Technologies
added 2023/07/26 12:0 a.m. · 3 views

PT-2023-36236 · Conmon · Conmon

Name of the Vulnerable Software and Affected Versions: conmon versions prior to 2.1.7 Description: The issue concerns conmon, where several bugs have been fixed, including leaking symbolic links in the opt socket path directory, cgroup oom issues, and OOM watcher for cgroupv2 oom kill events. The...

7.4 AI score
Exploits 0 · References 4
Positive Technologies
added 2023/06/30 12:0 a.m. · 1 views

PT-2023-35891 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type known as Memcpy-param-overlap. The crash occurs in the following functions: pdfi copy truetype font, pdfi load font,...

6.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2023/06/15 12:0 a.m. · 2 views

PT-2023-25289 · Ashlar Vellum · Ashlar-Vellum Cobalt

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. It requires user interaction, where the target must visit a...

7.8 CVSS · 7.3 AI score · 0.00532 EPSS
Exploits 0 · References 4
RedHat Linux
added 2023/06/05 11:46 a.m. · 3 views

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

5.9 CVSS · 7.1 AI score · 0.0011 EPSS
Exploits 1 · References 5
OSV
added 2023/06/03 11:5 a.m. · 1 views

OESA-2023-1329 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

6.5 CVSS · 7.1 AI score · 0.01094 EPSS
Exploits 2 · References 3
OSV
added 2023/06/03 11:5 a.m. · 3 views

OESA-2023-1306 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

6.5 CVSS · 7.1 AI score · 0.01094 EPSS
Exploits 2 · References 3
OSV
added 2023/06/03 11:5 a.m. · 2 views

OESA-2023-1305 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

6.5 CVSS · 7.1 AI score · 0.01094 EPSS
Exploits 2 · References 3
Positive Technologies
added 2023/05/24 12:0 a.m. · 1 views

PT-2023-7046 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the use of memory after it has been freed in the batadv dat start timer function of the distributed-arp-table.c module in the B.A.T.M.A.N. Better Approach To...

4 CVSS · 6.9 AI score
Exploits 0 · References 1
UbuntuCve
added 2023/05/17 6:0 a.m. · 40 views

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

7.5 CVSS · 6.8 AI score · 0.0032 EPSS
Exploits 1 · References 2
OSV
added 2023/05/15 10:46 a.m. · 1 views

USN-6075-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

8.8 CVSS · 6.9 AI score · 0.00284 EPSS
Exploits 0 · References 8
OSV
added 2023/05/12 2:15 p.m. · 9 views

CVE-2023-31914

Jerryscript 3.0 commit 05dbbd1 was discovered to contain out-of-memory issue in malloc...

5.5 CVSS · 7.1 AI score
Exploits 0 · References 1
Prion
added 2023/05/12 2:15 p.m. · 24 views

Design/Logic Flaw

Jerryscript 3.0 commit 05dbbd1 was discovered to contain out-of-memory issue in malloc...

1.9 CVSS · 5.4 AI score · 0.00056 EPSS
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2023/05/12 12:0 a.m. · 10 views

CVE-2023-31914

Jerryscript 3.0 commit 05dbbd1 was discovered to contain out-of-memory issue in malloc...

7.2 AI score · 0.00056 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/05/12 12:0 a.m. · 2 views

PT-2023-23516 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 05dbbd1 Description: The issue is related to an out-of-memory problem in the malloc function. Recommendations: For Jerryscript version 3.0 commit 05dbbd1, consider restricting memory allocation to prevent...

5.5 CVSS · 5.2 AI score · 0.00056 EPSS
Exploits 1 · References 7
OSV
added 2023/05/09 4:24 p.m. · 8 views

SUSE-SU-2023:2153-1 Security update for docker-distribution

This update for docker-distribution fixes the following issues: - CVE-2023-2253: Catalog Endpoint can lead to OOM by user input bsc1207705...

6.5 CVSS · 6.3 AI score · 0.00147 EPSS
Exploits 0 · References 3
OSV
added 2023/04/28 11:31 a.m. · 1 views

USN-6021-1 chromium-browser vulnerabilities

It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-1528, CVE-2023-1530, CVE-2023-1531,...

9.8 CVSS · 7.2 AI score · 0.00885 EPSS
Exploits 0 · References 21
CNVD
added 2023/04/18 12:0 a.m. · 19 views

Bento4 Denial of Service Vulnerability (CNVD-2023-69815)

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 v1.6.0-639, which stems from an out-of-memory issue in the mp42avc component. An attacker can exploit this vulnerability to cause a denial of service...

5.5 CVSS · 6.6 AI score · 0.00125 EPSS
Exploits 1 · References 1
Amazon
added 2023/04/10 12:0 a.m. · 5 views

Important: tar

Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximate...

5.5 CVSS · 6.8 AI score · 0.00047 EPSS
Exploits 1