36 matches found

Microsoft CVE
added 2025/09/03 9:46 p.m., 0 views

During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

...

CVSS 7.5, AI score 7, EPSS 0.00525
Exploits: 0

CNNVD
added 2025/05/30 12:0 a.m., 1 view

valtimo-backend-libraries Security Vulnerability

valtimo-backend-libraries is an open source business process automation platform from Valtimo. A security vulnerability exists in valtimo-backend-libraries that originates from an unauthorized user being able to list, view, edit, create, or delete objects...

CVSS 8.3, AI score 6.4, EPSS 0.00245
Exploits: 0, References: 4

NVD
added 2024/05/03 2:15 a.m., 8 views

CVE-2023-32172

Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The...

CVSS 6.5, AI score 6.5, EPSS 0.00887
Exploits: 0, References: 2

Zero Day Initiative
added 2023/12/14 12:0 a.m., 16 views

Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

CVSS 7.8, AI score 7.1, EPSS 0.01267
Exploits: 1, References: 1

SUSE CVE
added 2023/10/26 1:1 a.m., 2 views

SUSE CVE-2023-5728

During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1...

CVSS 6.1, AI score 6.6, EPSS 0.00525
Exploits: 0, References: 11

UbuntuCve
added 2023/05/22 12:0 a.m., 62 views

CVE-2023-32250

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...

CVSS 9, AI score 7, EPSS 0.00115
Exploits: 0, References: 12

Microsoft CVE
added 2023/05/05 7:0 a.m., 2 views

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

...

CVSS 7.8, AI score 7.2, EPSS 0.00036
Exploits: 0

Debian CVE
added 2023/04/24 12:0 a.m., 29 views

CVE-2023-2007

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the...

CVSS 7.8, AI score 8.1, EPSS 0.00036
Exploits: 0

Zero Day Initiative
added 2023/04/11 12:0 a.m., 39 views

Microsoft Office Word SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

CVSS 7.8, AI score 7.8, EPSS 0.01824
Exploits: 4, References: 1

Zero Day Initiative
added 2022/09/19 12:0 a.m., 15 views

Adobe Bridge SVG File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SVG...

CVSS 7.8, AI score 4.2, EPSS 0.00334
Exploits: 0, References: 1

Veracode
added 2022/03/19 11:30 a.m., 23 views

Privilege Escalation

MariaDB is vulnerable to privilege escalation. The vulnerability exists due to a Use-After-Free Privilege due to a lack of sanitization of the existence of an object prior to performing operations on the object...

CVSS 7.8, AI score 3.5, EPSS 0.0007
Exploits: 0, References: 14, Affected Software: 3

NVD
added 2022/02/18 8:15 p.m., 13 views

CVE-2021-46571

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 7.8, EPSS 0.0066
Exploits: 0, References: 2

CNVD
added 2022/02/14 12:0 a.m., 14 views

Foxit PDF Reader Resource Management Error Vulnerability (CNVD-2022-22736)

Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable due to a lack of verification of the existence of an object before performing operations on it, which can be exploited to execute code in the context of the current process...

CVSS 8.8, AI score 2.4, EPSS 0.0066
Exploits: 0, References: 1

CNVD
added 2022/02/10 12:0 a.m., 10 views

Bentley MicroStation CONNECT Remote Code Execution Vulnerability (CNVD-2022-30769)

A remote code execution vulnerability exists in Bentley MicroStation CONNECT, a CAD software platform for 2D and 3D design and drafting from Bentley Systems, U.S.A. The vulnerability stems from a lack of verification of the existence of an object before performing operations on it. The vulnerabili...

CVSS 7.8, AI score 3.5, EPSS 0.00621
Exploits: 0, References: 1

Zero Day Initiative
added 2021/12/03 12:0 a.m., 12 views

OpenText Brava! Desktop DWG File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 4.4
Exploits: 0

Zero Day Initiative
added 2021/09/30 12:0 a.m., 19 views

Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 4.9, EPSS 0.00678
Exploits: 0, References: 2

OSV
added 2021/08/02 5:35 p.m., 16 views

GHSA-9Q94-V7CH-MXQW Insufficient Session Expiration and TOCTOU Race Condition in OPC Foundation UA .NET Standard

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results fr...

CVSS 7.5, AI score 7.5, EPSS 0.01718
Exploits: 0, References: 4

GitHub Security Blog
added 2021/08/02 5:35 p.m., 49 views

Insufficient Session Expiration and TOCTOU Race Condition in OPC Foundation UA .NET Standard

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results fr...

CVSS 7.5, AI score 7.2, EPSS 0.01718
Exploits: 0, References: 5, Affected Software: 1

CNVD
added 2021/08/02 12:0 a.m., 20 views

Foxit PDF Reader Post-release Reuse Vulnerability (CNVD-2021-64096)

Foxit PDF Reader, formerly known as Foxit Reader, is a set of software used to read PDF format files, developed by Foxit Software Fujian. The vulnerability stems from not verifying the existence of the object before performing operations on it. An attacker could exploit this vulnerability to execut...

CVSS 6.8, AI score 3.3, EPSS 0.03065
Exploits: 0, Affected Software: 1

Zero Day Initiative
added 2021/04/22 12:0 a.m., 16 views

Oracle VirtualBox LsiLogicSCSI Race Condition Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS 5.3, AI score 3.2, EPSS 0.00092
Exploits: 0, References: 1