CVE-2024-23697

In RGXCreateHWRTDataaux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

AZL-40649 CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1

HDF5 through 1.14.3 contains a heap buffer overflow in H5Tbitfind, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

USN-6725-2 linux-aws, linux-aws-5.15 vulnerabilities

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service system crash or possibly...

PT-2023-8277 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche affected versions not specified Description: The issue is related to a stack-based buffer overflow in the WLAvalancheService of the Ivanti Avalanche system, which can be exploited by an attacker sending specially crafted data...

CVE-2023-5179

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack Crash, Exit, or Restart o...

CVE-2023-33245

Minecraft through 1.19 and 1.20 pre-releases before 7 Java allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...

SUSE CVE-2003-0245

Vulnerability in the aprpsprintf function in the Apache Portable Runtime APR library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long strings, as demonstrated using XML objects to moddav, and possibly other...

SUSE CVE-2007-3996

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a large 1 srcW or 2 srcH value to the a gdImageCopyResized function, or a large 3 sy height or 4 sx width value to the b...

SUSE CVE-2009-1868

Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors involving URL parsing...

SUSE CVE-2012-3983

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

SUSE CVE-2014-1587

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary cod...

SUSE CVE-2017-5668

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...

SUSE CVE-2021-42379

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nextinputfile function...

Huawei EulerOS: Security Advisory for crash (EulerOS-SA-2023-1350)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2022-1920

Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite...

DEBIAN-CVE-2022-30065

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function...

ALPINE-CVE-2021-42380

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function...

Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.15,...

Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.14,...

CVE-2020-23907

An issue was discovered in retdec v3.3. In function canSplitFunctionOn of irmodifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution...