1306 matches found
SUSE CVE-2019-5848
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
SUSE CVE-2020-6472
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension...
K12824341: OpenSSL vulnerability CVE-2015-3195
Security Advisory Description: The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive...
[SECURITY] [DLA 3274-1] webkit2gtk security update
Debian LTS Advisory DLA-3274-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 19, 2023 https://wiki.debian.org/LTS -...
CVE-2022-42852
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory...
Debian: Security Advisory (DSA-5308-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DSA-5308-1 : webkit2gtk - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5308 advisory. The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42852 hazbinhotel discovered that processing maliciously crafted web...
Fedora 36 : webkit2gtk3 (2022-71121c44a4)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-71121c44a4 advisory. Update to 2.38.3: Fix runtime critical warnings from media player. Fix network process crash when fetching website data on ephemeral session. Fix th...
SUSE-SU-2022:4642-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. -...
GuLoader’s Advanced Anti-Analysis Techniques
Summary: GuLoader is an advanced malware downloader that uses polymorphic shellcode to bypass traditional security solutions. In GuLoader, all embedded DJB2 hash values are mapped against every API used by the...
Fedora 36 : chromium (2022-b49c9bc07a)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b49c9bc07a advisory. Update to chromium-105.0.5195.125. This package only has minor changes... ah, just kidding. Here is the pile of security issues it fixes:...
Fedora 35 : chromium (2022-3ca063941b)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-3ca063941b advisory. Update to chromium-105.0.5195.125. This package only has minor changes... ah, just kidding. Here is the pile of security issues it fixes:...
About the security content of Safari 16.2
This document describes the security content of Safari 16.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2021-26393
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...
CVE-2022-1738
Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory...
CVE-2022-1738 Fuji Electric D300win Out-of-bounds Read
Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory...
CVE-2022-32841
The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory...
CVE-2022-32853
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory...