Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

DEBIAN-CVE-2023-6862

A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR 115.6 and Thunderbird 115.6...

PT-2024-12275

Name of the Vulnerable Software and Affected Versions SEV Firmware affected versions not specified Description The issue is related to the failure to initialize memory in SEV Firmware, which may allow a privileged attacker to access stale data from other guests. Recommendations At the moment, the...

Microsoft Excel SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

Adobe Prelude MP4 File Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

CLSA-2023-1702495193 openssl: Fix of CVE-2023-5363

CVE-2023-5363: evp: process key length and iv length early if present...

USN-6549-3: Linux kernel (Low Latency) vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...

USN-6534-2: Linux kernel vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...

Container Breakout (Leaky Vessels)

Overview Affected versions of this package are vulnerable to Container Breakout Leaky Vessels. Due to certain leaked file descriptors, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem namespace, allowing for a container...

CVE-2023-50431

An information leak vulnerability was found in the Linux kernel. This issue occurs because of a missing initialization in the habanalabs driver, resulting in a leak of kernel heap data to user space...

AZL-62064 CVE-2023-50431 affecting package kernel for versions less than 6.6.92.2-1

secattestinfo in drivers/accel/habanalabs/common/habanalabsioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info-pad0 is not initialized...

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from Google Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing boundary check issue in Init of protocolcalladapter.cpp, which may result in out-of-bounds reads...

PT-2023-30834 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a possible out of bounds read in the Init of protocolnetadapter.cpp due to a missing bounds check. This could lead to remote...

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing boundary check issue in Init of protocolnetadapter.cpp, which may result in out-of-bounds reads...

PT-2023-35629 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs in the javax.crypto.spec.SecretKeySpec constructor, which is called by org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock. This issue ...

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing boundary check issue in Init of protocolnetadapter.cpp, which may result in out-of-bounds reads...

Google Pixel Buffer Error Vulnerability

The Google Pixel is a smartphone from Google, Inc. A security vulnerability exists in Google Pixel, which stems from a missing bounds check issue in ProtocolMiscATCommandAdapter::Init of protocolmiscadapter.cpp, which may result in out-of-bounds reads...

USN-6536-1: Linux kernel vulnerabilities

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2023-39189 Kyle Zeng...

The vulnerability of the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms, as well as the software products such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allows a perpetrator to trigger a service failure.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...

The vulnerability of the Updater service in Parallels Desktop hypervisor allows a hacker to execute arbitrary code and increase their privileges.

The vulnerability of the Toolgate controller in Parallels Desktop lies in initialization errors. Exploiting this vulnerability allows an attacker to execute arbitrary code and enhance their privileges...