104 matches found
OpenSSL Releases Update to Address Several High-Severity Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The OpenSSL Project has released fixes for several security flaws, including a high-severity bug CVE-2023-0286 that could expose users to malicious attacks. The bug is related to a type of confusi...
CVE-2022-38143
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...
CVE-2022-35673
Adobe FrameMaker is affected by CVE-2022-35673 (and related) with an out-of-bounds read during parsing of crafted files, potentially enabling code execution in the user’s context. Affected are FrameMaker 2019 Update 8 and earlier and 2020 Update 4 and earlier. The vulnerability requires user inte...
Exploit for Missing Initialization of Resource in Linux Linux_Kernel
CVE-2022-29968 Proof-of-concept exploit for CVE-2022-29968 un...
PT-2022-6933 · Mariadb +9 · Mariadb Server +9
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions 10.6.3 and below Description: The issue is related to a use-after-free vulnerability in the my wildcmp 8bit impl component of the MariaDB database management system. This vulnerability can be exploited by a remote...
CVE-2021-34584
The CVE-2021-34584 issue affects CODESYS V2 web server prior to version 1.1.9.22. Crafted web server requests can read partial stack or heap memory and may trigger a denial-of-service crash. The vulnerability is tied to the V2 web server, and remediation is to upgrade to V1.1.9.22 or later. No ex...
CVE-2021-36074 Adobe Bridge PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Adobe Bridge versions 11.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim mus...
SUSE: Security Advisory (SUSE-SU-2016:0164-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-30526
Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page...
MGASA-2020-0454 Updated x11vnc package fixes a security vulnerability
scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user. CVE-2020-29074...
CVE-2020-15212 Out of bounds access in tensorflow-lite
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...
Code injection
An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...
CVE-2018-18512
A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5...
Security vulnerabilities fixed in Firefox 60.6.1 — Mozilla
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write...
Apple iOS / macOS - Sandbox Escape due to Trusted Length Field in Shared Memory Exploit
Exploit for multiple platform in category dos / poc Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboard...
CVE-2018-16295
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can...
CVE-2018-16294
An exploitable use-after-free in Foxit Reader before 9.3 and PhantomPDF before 9.3 within the JavaScript engine. A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. User interaction is required (opening the malicious PDF); if the browser plug...
CVE-2018-3992
CVE-2018-3992 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.2.0.9297). A specially crafted PDF can reuse a freed memory object, leading to arbitrary code execution. Exploitation requires user action to open the malicious file; if the browser plugin extension...
Microsoft Internet Explorer 11 - MSHTML CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035)
Microsoft Internet Explorer 11 - MSHTML CSpliceTreeEngine::RemoveSplice Use-After-Free MS14-035 document.addEventListener"DOMNodeRemoved", function document.open; // free // attempt to modify freed memory here // because it will be...
CVE-2016-4024
Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation...