116 matches found
USN-7223-1: OpenJPEG vulnerabilities
Frank Zeng discovered that OpenJPEG incorrectly handled memory when using the decompression utility. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-56826, CVE-2024-56827...
CVE-2025-21171 .NET Remote Code Execution Vulnerability
...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : xmltok library vulnerabilities (USN-7199-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7199-1 advisory. It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If...
CVE-2025-0242
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod...
UBUNTU-CVE-2023-24531
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is...
Autodesk AutoCAD Out-of-Bounds Read Vulnerability (CNVD-2024-33000)
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. An out-of-bounds read vulnerability exists in Autodesk AutoCAD version 2024.1.5, which stems from a lack of proper validation of user-supplied data when parsing a maliciously crafted MODEL file i...
ROS-2-2077
2.2077 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability Description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
Multi-vendor BIOS Security Vulnerabilities (February, 2024) - Lenovo Support US
No description provided...
CVE-2016-20021
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...
CVE-2023-23605
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit...
PT-2023-14075 · Nvidia · Nvidia Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA BMC affected versions not specified Description: The issue is related to a buffer overflow in the IPMI handler of NVIDIA BMC, which can be exploited by an authorized attacker to cause a denial of service or potentially gain code...
CVE-2022-46878
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
PT-2022-26662 · Autodesk · Autodesk Design Review
Name of the Vulnerable Software and Affected Versions: Autodesk DesignReview versions affected versions not specified Description: A maliciously crafted .dwf or .pct file consumed through the DesignReview.exe application could lead to a memory corruption issue due to a write access violation. Thi...
SUSE-SU-2022:2071-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 bsc1200106 - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer bsc1199287. - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processi...
CVE-2020-28615
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
MGASA-2021-0427 Updated thunderbird packages fix security vulnerability
Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Thunderbird ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2021-38493. The...
ASUS RT-AX86U suffers from a buffer overflow vulnerability
The RT-AX86U is a WiFi6 gaming router. The ASUS RT-AX86U suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger a memory corruption that could lead to code execution...
PT-2020-14809 · N Tron · N-Tron 702M12-W +1
Name of the Vulnerable Software and Affected Versions: N-Tron 702-W / 702M12-W all versions Description: The issue concerns reflected cross-site scripting, which could allow an attacker to execute arbitrary code and perform actions in the context of an attacked user. Recommendations: For all...
MGASA-2017-0410 Updated flash-player-plugin packages fixes security vulnerabilities
Adobe Flash Player 27.0.0.187 addresses critical vulnerabilities that could lead to code execution. The update fixes out-of-bounds reads CVE-2017-3112, CVE-2017-3114, CVE-2017-11213 and use-after-free issues CVE-2017-11215, CVE-2017-11225...
MGASA-2017-0317 Chromium-browser 60.0.3112.101 fixes security issues
Multiple flaws were found in the way Chromium 57 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060,...