18 matches found
CVE-2025-46306
The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents...
CVE-2023-32443
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents...
CVE-2023-42983
Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks...
CVE-2024-27877
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents...
PT-2024-22101 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7.6 macOS versions prior to 13.6.8 macOS versions prior to 14.6 Description: The issue was addressed with improved memory handling. Processing a maliciously crafted file may lead to a denial-of-service or potentiall...
CVE-2024-23249
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents...
Mageia: Security Advisory (MGASA-2023-0130)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openssl-src contains Read Buffer Overflow in X.509 Name Constraint
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
CVE-2022-26873
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
Juniper Junos OS Vulnerability (JSA11293)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11293 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length...
Ubuntu 18.04 LTS : OpenSSL vulnerability (USN-5051-3)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5051-3 advisory. USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Tenable has extracted t...
CVE-2021-30911
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, iOS 15.1 and iPadOS 15.1, macOS Big Sur 11.6.1. Processing a maliciously crafted USD file may disclose memory contents...
Foxit PhantomPDF < 9.7.1 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 9.7.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists related to handling watermarks, AcroForm objects, text fields, or...
Microsoft Internet Explorer Information Disclosure Vulnerability (CNVD-2015-08071)
Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. An information disclosure vulnerability exists in Microsoft Internet Explorer version 11, which is caused due to the program failing...
Medium: postgresql8
Issue Overview: A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQ...
PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities
Binary data 8320.prm...
CVE-2009-2626
The CVE-2009-2626 issue affects PHP 5.3.0, 5.2.10 and earlier, where zend_restore_ini_entry_cb in zend_ini.c allows a context-specific attacker to cause memory disclosure and PHP crashes by abusing ini_set and ini_restore. Connected advisories confirm this as a vulnerability in PHP’s ini_restore(...
[CORE SDI ADVISORY] RealServer memory contents disclosure
CORE SDI http://www.core-sdi.com Report for RealServer memory contents disclosure vulnerability Date Published: November 16th, 2000 Advisory ID: CORE-20001116 Bugtraq ID: 1957 CVE CAN: None currently assigned. Title: RealServer memory contents disclosure vulnerability Class: Failure to handle...