Important: firefox

Issue Overview: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Memory corruption in IPC FilePickerShownCallback CVE-2023-4575 XLL file extensions were downloadable without warnings. CVE-2023-4581 Memory safety bug...

CVE-2023-33035

Memory corruption while invoking callback function of AFE from ADSP...

Memory corruption

Memory corruption while invoking callback function of AFE from ADSP...

CVE-2023-33035 Buffer Copy Without Checking Size of Input in Audio

Memory corruption while invoking callback function of AFE from ADSP...

OSV-2023-896 UNKNOWN READ in deliver_chunked_chunks

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62609 Crash type: UNKNOWN READ Crash state: deliverchunkedchunks httpcb fuzz.c...

PT-2023-36033 · Git +1 · Mongoose

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state includes functions such as deliver chunked chunks and http cb, which are located in...

PT-2023-36017 · Git +1 · Mongoose

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to a negative-size-param issue, as reported by OSS-Fuzz. The crash involves the http cb function in fuzz.c. Recommendations: At the moment, there is no information...

possibility of reentrancy attack when poolManger.sol#Transfer called with malicious recipient contract address

Lines of code Vulnerability details Impact when users calls the transfer function in the poolManger.sol the transaction data will be send to the centrifuge chain first and then it will be back to the router and then direct it to thehandleTransfer function in poolManger.sol, user can make a...

USN-6237-3 curl vulnerabilities

USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote...

RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack

Impact An issue was found in RKE2 where an attacker with network access to RKE2 servers' supervisor port TCP 9345 can force the TLS server to add entries to the certificate's Subject Alternative Name SAN list, through a stuffing attack, until the certificate grows so large that it exceeds the...

CVE-2023-4574

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

DEBIAN-CVE-2023-4574

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVE-2023-4574

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

Design/Logic Flaw

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

Design/Logic Flaw

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVE-2023-4575

CVE-2023-4575 describes a memory safety risk in Mozilla components where IPC FilePickerShownCallback could suffer a use-after-free due to multiple identical callbacks being created and destroyed concurrently during File Picker window invocation. Affected products include Firefox (all listed varia...

CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...