CVE-2022-45703
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function displaydebugsection in file readelf.c...
CVE-2021-29390
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompresssmoothdata in jdcoefct.c...
CVE-2023-4459
A NULL pointer dereference flaw was found in vmxnet3rqcleanup in drivers/net/vmxnet3/vmxnet3drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during...
CVE-2023-4385
A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfsdmap.c in the journaling file system JFS in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check...
Mozilla: Stored Xss on bugzilla.mozilla.org via comment edit feature from non-admin to admin.
A stored XSS vulnerability was discovered on the comment edit feature of bugzilla.mozilla.org. This allowed an attacker to execute malicious JavaScript code when an admin attempted to edit a comment. The vulnerability was reported and a bug report was filed...
CVE-2023-4128
A use-after-free flaw was found in net/sched/clsfw.c in classifiers clsfw, clsu32, and clsroute in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue...
CVE-2023-34319
The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many piece...
CVE-2023-4155
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...
CVE-2023-20588
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality...
SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:3206-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3206-1 advisory. - An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...
CVE-2023-4205
Rejected reason: This was deemed as a false positive both by the reporter and upstream kernel...
CVE-2023-4134
A use-after-free vulnerability was found in the cyttsp4core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdogtimer from the workqueue. This could allow a local user to crash the system, causing a denial of service...
CVE-2023-38560
An integer overflow flaw was found in pcl/pl/plfont.c:418 in plglyphname in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format...
CVE-2023-39130
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function peas16 at /gdb/coff-pe-read.c...
CVE-2023-39128
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c...
CVE-2023-39129
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function addpeexportedsym at /gdb/coff-pe-read.c...
CVE-2023-32258
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...
CVE-2023-3609
A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...
CVE-2023-3776
A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, fwsetparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker ca...
CVE-2023-38430
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read...