Lucene search
K

176 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/08/11 7:34 a.m.22 views

Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities

Summary Multiple memory corruption vulnerabilities have been found in the IBM i2 Analysts' Notebook, and IBM i2 Analysts' Notebook Premium. Please see linked CVE's for details. Vulnerability Details CVEID: CVE-2020-4549 DESCRIPTION: IBM i2 Analyst's Notebook could allow a local attacker to execut...

7.8CVSS2.5AI score0.00419EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/03/31 12:0 a.m.129 views

RHEL 7 : ImageMagick (RHSA-2020:1180)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1180 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. The following...

9.8CVSS6.6AI score0.05916EPSS
Exploits53References164
BDU FSTEC
BDU FSTEC
added 2020/03/26 12:0 a.m.4 views

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to memory usage after it is freed. This allows attackers to execute arbitrary code.

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to execute arbitrary...

10CVSS7.8AI score0.04528EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/03/26 12:0 a.m.7 views

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud, as well as Adobe Acrobat 2017 and Adobe Acrobat Reader 2017, are related to memory usage after it is freed. This allows attackers to execute arbitrary code.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow a...

9.3CVSS7.8AI score0.03637EPSS
Exploits0References3
OSV
OSV
added 2020/01/16 9:11 a.m.6 views

SUSE-SU-2020:0113-1 Security update for tigervnc

This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder bsc1159856. - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode bsc1160250. - CVE-2019-15693: Fixed a heap-based buffer overflow...

7.2CVSS7AI score0.04773EPSS
Exploits5References11
The Coalfire Blog
The Coalfire Blog
added 2019/10/02 10:22 p.m.13 views

ERC.Net – A Toolset for Analyzing Windows Application Crashes

ERC.Net is a collection of tools designed to assist in analyzing and debugging Windows application crashes in order to identify potential security vulnerabilities. Supporting both 64 and 32 bit applications, ERC.Net has many use cases including parsing Windows file headers, identifying compile-ti...

2AI score
Exploits0
Ubuntu
Ubuntu
added 2019/10/01 4:12 a.m.304 views

USN-4145-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service system crash. CVE-2016-10905 It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket optio...

10CVSS6.8AI score0.06342EPSS
Exploits6
OSV
OSV
added 2019/04/10 10:7 p.m.38 views

MGASA-2019-0146 Updated gpac packages fix security vulnerability

It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execu...

9.8CVSS7.9AI score0.02521EPSS
Exploits5References3
CNVD
CNVD
added 2018/10/26 12:0 a.m.3 views

Multiple Memory Corruption Vulnerabilities in Mozilla Firefox ESR

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Firefox ESR is an extended support version of Firefox. Multiple memory corruption vulnerabilities exist in Mozilla Firefox ESR version 60.2. The vulnerabilities can be exploited by attackers to corrupt...

8.8CVSS9.4AI score0.02346EPSS
Exploits0References1
OSV
OSV
added 2018/07/13 7:26 a.m.5 views

SUSE-SU-2018:1951-1 Security update for libopenmpt

This update for libopenmpt to version 0.3.9 fixes the following issues: These security issues were fixed: - CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files bsc1095644 - CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containin...

8.8CVSS7.3AI score0.02155EPSS
Exploits0References5
GoogleProjectZero
GoogleProjectZero
added 2018/06/21 12:0 a.m.16 views

Detecting Kernel Memory Disclosure – Whitepaper

Posted by Mateusz Jurczyk, Project Zero Since early 2017, we have been working on Bochspwn Reloaded – a piece of dynamic binary instrumentation built on top of the Bochs IA-32 software emulator, designed to identify memory disclosure vulnerabilities in operating system kernels. Over the course of...

7.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/06/04 12:0 a.m.33 views

FreeBSD : Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235) (c7a135f4-66a4-11e8-9e63-3085a9a47796)

The Git community reports : - In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. - In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a...

7.8CVSS8.3AI score0.49188EPSS
Exploits10References3
Tenable Nessus
Tenable Nessus
added 2017/12/21 12:0 a.m.61 views

SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3378-1)

This update for ImageMagick fixes the following issues : - CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory bsc1059778 - CVE-2017-11640: NULL pointer deref in WritePTIFImage in coders/tiff.c bsc1050632 - CVE-2017-14342: a...

8.8CVSS6.9AI score0.02692EPSS
Exploits10References79
OSV
OSV
added 2017/12/14 11:19 a.m.10 views

SUSE-SU-2017:3300-1 Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2)

This update for the Linux Kernel 4.4.74-9229 fixes several issues. The following security issues were fixed: - CVE-2017-1000405: Problematic use of pmdmkdirty in the touchpmd function allowed users to overwrite read-only huge pages e.g. the zero huge page and sealed shmem files bsc1070307. -...

7.8CVSS7.4AI score0.02841EPSS
Exploits12References7
Cvelist
Cvelist
added 2017/11/16 10:0 p.m.24 views

CVE-2017-8279

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msgmask information...

7.3AI score0.00327EPSS
Exploits0References1
Mageia
Mageia
added 2017/07/25 10:7 p.m.36 views

Updated libquicktime packages fix security vulnerabilities

A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed CVE-2017-9122. An invalid memory read in lqtframeduration via a crafted mp4 file was fixed CVE-2017-9123. A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed CVE-2017-9124. A DoS in...

7.1CVSS4.3AI score0.06487EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2017/04/25 12:0 a.m.41 views

SUSE SLED12 Security Update : zziplib (SUSE-SU-2017:1095-1)

This update for zziplib fixes the following issues: Secuirty issues fixed : - CVE-2017-5974: heap-based buffer overflow in zzipget32 fetch.c bsc1024517 - CVE-2017-5975: heap-based buffer overflow in zzipget64 fetch.c bsc1024528 - CVE-2017-5976: heap-based buffer overflow in zzipmementryextrablock...

5.5CVSS5.8AI score0.02078EPSS
Exploits8References27
OSV
OSV
added 2016/10/12 3:9 p.m.4 views

MGASA-2016-0341 Updated libass packages fixes security vulnerabilities

Amount of memory allocated during memory reallocation in the shaper wasn't tracked, possibly resulting in undefined behavior CVE-2016-7972. Illegal read in Gaussian blur coefficient calculations CVE-2016-7970. Mode 0/3 line wrapping equalization in specific cases could result in illegal reads whi...

7.5CVSS7.5AI score0.05186EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.4 views

The vulnerability of the Firefox ESR browser allows a malicious individual to execute arbitrary code or trigger a service failure.

The Mozilla Firefox ESR browser contains numerous vulnerabilities related to memory-related errors. Exploiting these vulnerabilities allows a malicious individual to execute arbitrary code through a specially created website, cause service failures, or trigger an emergency shutdown of the...

9.3CVSS7.7AI score0.08099EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.4 views

The vulnerability of the Thunderbird email client, which allows a malicious individual to execute arbitrary code or trigger a service failure.

Mozilla Thunderbird email client contains numerous vulnerabilities related to memory-related errors. Exploiting these vulnerabilities allows a malicious individual to execute arbitrary code through a specially created website, cause service failures, or trigger an emergency shutdown of the...

9.3CVSS7.7AI score0.08099EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder