Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to perform proper null checking on incoming parameters...

Cross Site Scripting(XSS)

DOMPurify is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper depth checking, which can be bypassed through special HTML nesting techniques and prototype pollution, allowing an attacker to execute malicious scripts in the victim's browser...

CVE-2024-44161

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Processing a maliciously crafted texture may lead to unexpected app termination...

CVE-2024-44161

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination...

CVE-2024-44176

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service...

CVE-2024-40841

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination...

CVE-2024-40841

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination...

CVE-2024-44161

CVE-2024-44161 is an out-of-bounds read vulnerability in macOS texture processing that could cause an application to terminate if a maliciously crafted texture is processed. The issue is mitigated by improved bounds checking and is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, and macOS Sequoia...

CVE-2024-44161

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination...

CVE-2024-44161

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Processing a maliciously crafted texture may lead to unexpected app termination...

CVE-2024-44176

CVE-2024-44176 describes an out-of-bounds access leading to a denial-of-service when processing an image. Affected products include macOS Ventura 13.7; macOS Sequoia 15; macOS Sonoma 14.7; iOS 17.7 and iPadOS 17.7; iOS 18 and iPadOS 18; visionOS 2; watchOS 11; tvOS 18. Remediation is via software...

CVE-2024-40841

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination...

CVE-2024-40841

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination...

CVE-2024-40841

CVE-2024-40841 is an out-of-bounds write vulnerability affecting macOS components (notably Apple Graphics/AppleVA) where processing a maliciously crafted video can cause an app to terminate. The issue is fixed in macOS Sonoma 14.7 and macOS Sequoia 15 via improved bounds/memory handling. Root cau...

CVE-2024-45801

A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting XSS attacks. Mitigation Mitigation for this issue is either not available or the...

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

CVE-2024-45801 Tampering by prototype polution in DOMPurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

USN-7012-1: curl vulnerability

Hiroki Kurosawa discovered that curl incorrectly handled certain OCSP responses. This could result in bad certificates not being checked properly, contrary to expectations...

MPlayer Lite r33064 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MPlayer Lite M3U Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in MPlayer Lite r33064,...