Vim Memory Reference Error Vulnerability (CNVD-2024-40461)

Vim is Vim open source a cross-platform text editor . Vim suffers from a Memory Reference Error vulnerability that stems from a confusion in the instruction responsible for freeing memory in parameter list handling. An attacker can exploit the vulnerability which may result in a program crash,...

Mozilla Firefox Memory Misreference Vulnerability (CNVD-2024-35561)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory misreference vulnerability exists in versions prior to Mozilla Firefox 129, which stems from a mix-up in the instructions responsible for freeing memory in the JavaScript code coverage...

Denial of Service Vulnerability in Schneider PLC Emulator at Schneider Electric (China) Co.

Schneider Electric China Co., Ltd. is a globalized electrical company and a global expert in energy efficiency management and automation. A denial of service vulnerability exists in the Schneider PLC emulator of Schneider Electric China Limited, which can be exploited by attackers to cause a...

Advisory ROSA-SA-2024-2429

Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-28.rv3 CVE-ID: CVE-2023-2731 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing bug was found in the LZWDecode function of the Libtiff library in the libtiff/tiflzw.c file. This flaw allows a...

CVE-2024-4068

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

glibc: null pointer dereferences after failed netgroup cache insertion

A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit...

Fedora 40 : stb / usd (2023-58af3a2eca)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-58af3a2eca advisory. Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 Tenable has extracted the...

GNU grub2 安全漏洞

GNU GRUB2 is a Linux system bootloader from the American GNU community. GNU GRUB2 suffers from a post-release reuse vulnerability that originates from a confusion in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to cause a program crash,...

BIT-TENSORFLOW-2022-35940 Int overflow in `RaggedRangeOp` in Tensoflow

TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also...

Linux kernel memory misreference vulnerability (CNVD-2024-08085)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates from a mix-up in the instruction responsible for freeing memory in the Bluetooth module. An...

SWFTools bufferWriteData method memory misreference vulnerability

SWFTools is a set of utilities for working with Adobe Flash files SWF files. A memory misreference vulnerability exists in SWFTools version 0.9.2, which stems from a confusion in the instructions responsible for freeing memory in the bufferWriteData method of the swftools/lib/action/compile.c pag...

Binary Vulnerability in Damon Database Client of Wuhan Damon Database Co. Ltd (CNVD-2024-08142)

Wuhan Damon Database Co., Ltd. is a leading database product development service provider in China. A binary vulnerability exists in the client side of the Damon Database of Wuhan Damon Database Co. Ltd, which can be exploited by attackers to cause a program crash...

Binary Vulnerability in Damon Database Client of Wuhan Damon Database Co. Ltd (CNVD-2024-07080)

Wuhan Damon Database Co., Ltd. is a leading database product development service provider in China. A binary vulnerability exists in the client side of the Damon Database of Wuhan Damon Database Co. Ltd, which can be exploited by attackers to cause a program crash...

Cryptography has a denial of service vulnerability

Cryptography is a Python library that provides cryptography functionality. Cryptography suffers from a denial of service vulnerability that can be exploited by an attacker to cause a program to crash...

ClickHouse Number Error Vulnerability

ClickHouse is ClickHouse's fastest and most resource efficient open source database for real-time applications and analytics. ClickHouse suffers from a numeric error vulnerability that stems from the presence of a stack buffer overflow, resulting in an integer underflow and program crash...

Advisory ROSA-SA-2023-2307

Software: jasper 2.0.14-5 OS: ROSA Virtualization 2.1 packageevrstring: jasper-2.0.14-5.rv3.src.rpm CVE-ID: CVE-2020-27828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Special input provided by an attacker in jasper could cause an arbitrary write outside of the allowed range. This could potentially...

Artifex Software Ghostscript Security Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-Postscrip...

Google Chrome memory misreference vulnerability (CNVD-2023-100967)

Google Chrome is a browser by Google. A memory misreference vulnerability exists in versions of Google Chrome prior to 119.0.6045.159, which stems from a mix-up in the instructions responsible for freeing memory by the Garbage Collection function. An attacker could exploit this vulnerability to...

Rocky Linux 8 : jasper (RLSA-2021:4235)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4235 advisory. - There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary...

Vim memory misreference vulnerability (CNVD-2024-40468)

Vim is a cross-platform text editor. Vim suffers from a memory misreference vulnerability that originates from a messed up instruction in the function gagrowinner in file src/alloc.c that is responsible for freeing memory. An attacker can exploit the vulnerability which may lead to program crash,...