CVE-2023-35715

CVE-2023-35715 affects Ashlar-Vellum Cobalt. The vulnerability lies in the parsing of AR files where memory is not properly initialized, enabling a remote code execution when a user opens a malicious AR file or visits a malicious page. The issue requires user interaction and could allow code exec...

CVE-2023-35713 Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

CVE-2023-35713

Ashlar-Vellum Cobalt XE is affected by a vulnerability in the XE file parsing path due to uninitialized memory access, enabling arbitrary code execution in the context of the current process when a user opens a malicious XE file or visits a malicious page. The issue is triggered during parsing of...

CVE-2023-35712 Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

CVE-2023-35712 Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

CVE-2023-34310 Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

(Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12271)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12271 advisory. - KVM: x86: Add BHINO Daniel Sneddon Orabug: 36384803 CVE-2024-2201 - x86/bhi: Mitigate KVM by default Pawan Gupta Orabug: 36384803 CVE-2024-2201 ...

CVE-2024-26805 netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter

In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in skbdatagramiter syzbot reported the following uninit-value access issue 1: netlinktofullskb creates a new skb and puts the skb-data passed as a 1st arg of netlinktofullskb onto new skb...

CVE-2021-47136

In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skbextadd doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TCSKBEXT originally contained only sing...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6716-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6716-1 advisory. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing...

Ubuntu: Security Advisory (USN-6686-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6681-4)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-4 advisory. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing...

Dassault Systèmes eDrawings SLDDRW File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Dassault Systèmes eDrawings IPT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

UBUNTU-CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

CVE-2023-31346

CVE-2023-31346 is confirmed by connected advisories to affect linux-firmware related components and SEV firmware handling. The issue describes memory initialization failure in SEV firmware that may allow a privileged attacker to access stale data from other guests, impacting guest memory integrit...

CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...