4443 matches found
SUSE CVE-2018-1000204
Linux Kernel version 3.18 to 4.16 incorrectly handles an SGIO ioctl on /dev/sg0 with dxferdirection=SGDXFERFROMDEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in...
SUSE CVE-2019-13668
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE CVE-2019-15211
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory...
SUSE CVE-2021-20268
An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from thi...
SUSE CVE-2021-37986
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2022-1493
Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction...
SUSE CVE-2022-1500
Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page...
SUSE CVE-2022-29156
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrscltdevrelease...
SUSE CVE-2022-37706
enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...
SUSE CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...
SUSE CVE-2023-23599
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
The vulnerability of the memory manager in the Linux operating system’s kernel, backing-dev.c, allows a hacker to cause a service failure.
The vulnerability of the Linux operating system’s memory manager, specifically the backing-dev.c module, is related to the use of previously freed memory in the functions bdiput and bdiunregister. Exploiting this vulnerability can allow an attacker to cause a service failure...
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an "expansion of the group's...
CVE-2023-0817
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV...
CVE-2023-0818
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV...
CVE-2023-0819
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV...
UBUNTU-CVE-2023-0819
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV...
CVE-2023-0817
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV...
Buffer overflow
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV...
UBUNTU-CVE-2023-0817
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV...