62 matches found
Rocky Linux 9 : firefox (RLSA-2023:0810)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0810 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...
Debian dla-3324 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3324 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3324-1 [email protected]...
SUSE SLES15: libfreebl3 / libfreebl3-32bit / libfreebl3-hmac / etc (SUSE-SU-2023:0443-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0443-1 advisory. Updated to NSS 3.79.4 bsc1208138: - CVE-2023-0767: Fixed handling of unknown PKCS12 safe bag types. Tenable has extracted the preceding...
CVE-2023-0767
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
SUSE CVE-2012-0864
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFYSOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments...
git: Heap overflow in `git archive`, `git log --format` leading to RCE
A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...
Tuxera NTFS-3G 数字错误漏洞
Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for supporting read and write NTFS partitions.Tuxera NTFS-3G suffers from a numeric error vulnerability that originates from integer underflow in fuselibreaddir, which can be exploited by attackers to cause...
Google Android arbitrary memory write vulnerability
Google Android is a Linux-based open-source operating system from Google, Inc. Google Android is vulnerable to arbitrary memory writes, which can be exploited by attackers to perform arbitrary memory writes and code execution due to incorrect boundary checking in the edenruntime hal service...
Google Android 安全漏洞
Google Android is a Linux-based open-source operating system from Google, Inc. Google Android is vulnerable to arbitrary memory writes, which can be exploited by attackers to perform arbitrary memory writes and code execution due to incorrect boundary checking in the edenruntime hal service...
Google Android 安全漏洞
Google Android is a Linux-based open-source operating system from Google, Inc. The Google Android buffer overflow vulnerability stems from improper boundary checking. An attacker could exploit the vulnerability to perform arbitrary memory writes and code execution...
Samsung NPU driver 安全漏洞
Samsung NPU driver is a neural network processor from Samsung South Korea. A security vulnerability exists in Samsung Mobile's NPU driver prior to SMR Jan-2022 Release 1, which arises from improper checking or handling of exceptions in the NPU driver, allowing arbitrary memory writes and code...
Samsung Notes libSPenBase buffer overflow vulnerability (CNVD-2022-86540)
Samsung Notes is an application from Samsung South Korea. It is used to provide a recording function. A buffer overflow vulnerability exists in versions prior to Samsung Note 4.3.02.61, which stems from a lack of buffer bounds checking in the libSPenBase library, and can be exploited by a remote...
Samsung Notes 缓冲区错误漏洞
Samsung Notes is an application from Samsung South Korea. It is used to provide a recording function. A buffer overflow vulnerability exists in Samsung Note versions prior to 4.3.02.61, which stems from a lack of buffer bounds checking in the libSPenBase library, and can be exploited by a remote...
Samsung Notes 缓冲区错误漏洞
Samsung Notes is an application from Samsung South Korea. It is used to provide a recording function. A buffer overflow vulnerability exists in versions prior to Samsung Note 4.3.02.61, which stems from a lack of buffer bounds checking in the libSPenBase library, and can be exploited by a remote...
Tuxera NTFS-3G 缓冲区错误漏洞
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to potentially cause a heap buffer overflow and allow arbitrary memory...
Samsung SMR 缓冲区错误漏洞
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in SMR JUN-2021 Release 1, which stems from a possible out-of-bounds write vulnerability in the application's NPU driver that allows arbitrary memor...
Qualcomm Video Input Validation Error Vulnerability
Qualcomm Video is a Qualcomm Incorporated USA video component used in Qualcomm products. A security vulnerability exists in Qualcomm Video that stems from an arbitrary memory write issue in the video driver when setting internal buffers...
Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-30775)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A buffer overflow vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to perform arbitrary write operations to memory...
Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service
This Exploit allows arbitrary memory writes and reads. Running the specified payload within this package will write to the device's main CPU kernel, causing it to crash. More information about its origins here: http://boosterok.com/blog/broadpwn2/ Download:...
Scientific Linux Security Update : libvpx on SL6.x i386/x86_64
An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially crafted video encoded using the VP8 codec that, when played by a victim with an application using libvpx such as Totem, would cause the application to crash or, potentially,...