246 matches found
SUSE CVE-2024-6293
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
UBUNTU-CVE-2021-47614
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a user-after-free in addpbleprm When irdmahmcsdone fails, 'chunk' is freed while its still on the PBLE info list. Add the chunk entry to the PBLE info list only after successful setting of the SD in irdmahmcsdone...
OESA-2024-1648 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc fails In createuniqueid, kmalloc, GFPKERNEL can fail due to out-of-memory, if it fails, return errno correctly rather tha...
DEBIAN-CVE-2024-4761
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2024-26749
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...
USN-6718-1 curl vulnerabilities
Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. CVE-2024-2004 It was discovered that curl incorrectly handled memory when limiti...
USN-6680-3 linux-aws, linux-aws-6.5 vulnerabilities
黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...
The vulnerability of the Mojo library for Microsoft Edge and Google Chrome browsers allows a hacker to execute arbitrary code.
The vulnerability of the Mojo library for Microsoft Edge and Google Chrome browsers relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2024-25451
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4DataBuffer::ReallocateBuffer function...
Design/Logic Flaw
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4UrlAtom::AP4UrlAtom function...
Design/Logic Flaw
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4DataBuffer::ReallocateBuffer function...
CVE-2024-25452
CVE-2024-25452 affects Bento4 v1.6.0-640, with an out-of-memory bug in AP4_UrlAtom::AP4_UrlAtom(). Public document set confirms the vulnerable component and impact (OOM; Availability), but exploitation details are not provided. Red Hat notes the issue; PT-2024-20954 suggests disabling AP4 UrlAtom...
CVE-2024-25451
CVE-2024-25451 concerns Bento4 v1.6.0-640, which contains an out-of-memory bug in the AP4_DataBuffer::ReallocateBuffer() function. Multiple sources confirm the issue and tie it to Bento4’s MP4 reading/writing library, with the vulnerability enabling an OOM condition that can impact system availab...
UBUNTU-CVE-2024-0755
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 122, Firefox ESR...
The vulnerability of the DOC-file processor in Hancom Office software allows a hacker to execute arbitrary code.
The vulnerability of Hancom Office’s DOC-file processing tool is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created DOC file...
PT-2023-7269
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2121 Description The issue is related to a heap-use-after-free vulnerability. When executing a :s command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve memory usage after it is freed, allowing attackers to execute arbitrary code within the context of the current process.
The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute...
The vulnerability of the Substance 3D Stager software lies in its reliance on memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Stager software-related 3D design software is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of the Site Isolation component in Google Chrome allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome’s Site Isolation component relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created HTML page...
The vulnerability of Google Chrome’s autonomous mode for Android allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome’s autonomous browser mode for Android relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created HTML page...