webkitgtk: use-after-free issue leading to arbitrary code execution

A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution...

SUSE CVE-2024-52594

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...

CVE-2023-2203

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...

PT-2017-3747

Name of the Vulnerable Software and Affected Versions: libxml2 affected versions not specified Description: A flaw in libxml2 allows remote XML entity inclusion with default parser flags. This may expose a higher-risk attack surface, allowing access to content from local files, HTTP, or FTP...

Trend Micro - Multiple HTTP Problems with CoreServiceShell.exe

Exploit for windows platform in category web applications Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=775 The main component of Trend Micro Antivirus is CoreServiceShell.exe, which runs as NT AUTHORITY\SYSTEM. The CoreServiceShell includes an HTTP daemon, which is used for...