GHSA-4JQ9-2XHW-JPX7 Java: DoS Vulnerability in JSON-JAVA

Summary A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: 1 the parser bug can be used to circumvent a check that is supposed to...

kernel: Linux kernel: Memory leak in RDMA/irdma subsystem leads to Denial of Service

A flaw was found in the Linux kernel's RDMA/irdma subsystem. When the irdma module is unloaded, certain memory objects PBLEs are not properly released, leading to a memory leak. A local attacker could repeatedly trigger this condition, causing system memory to be exhausted and resulting in a Deni...

kernel: vmwgfx: race condition leading to information disclosure vulnerability

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

PT-2023-29238 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a maliciou...

python-cryptography security update

36.0.1-4 - Fix FTBFS caused by rsapkcs1implicitrejection OpenSSL feature, resolves rhbz2203840 36.0.1-3 - Fix CVE-2023-23931: Don't allow updateinto to mutate immutable objects, resolves rhbz2172399 - Fix FTBFS due to failing testloadinvalideckeyfrompem and testdecryptinvaliddecrypt...

Deserialization Of Untrusted Data

uimaj-tools is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to deserializing Java objects without proper data verification when users or developers utilize the CasIOUtils class in their applications and services to parse serialized CAS data. This weakness can...

PT-2023-9816 · Foxit · Foxit Pdf Editor +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

Heap overflow

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the sflush stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write2 system call returns an error. Depending on the...

Deserialization of untrusted data

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. The...

kernel: vmwgfx: race condition leading to information disclosure vulnerability

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

Moderate: Red Hat Security Advisory: python-cryptography security update

An update for python-cryptography is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Privilege escalation

Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication IPC mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What...

PT-2025-26002 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the cifs Common Internet File System component. The issue occurs when the deferred close work is canceled,...

RHEL 9 : python-cryptography (RHSA-2023:6615)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6615 advisory. The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and...

ALSA-2023:6615 Moderate: python-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects CVE-2023-23931 For more details about the...

[SECURITY] Fedora 39 Update: libclc-17.0.2-1.fc39

libclc is an open source, BSD licensed implementation of the library requirements of the OpenCL C programming language, as specified by the OpenCL 1.1 Specification. The following sections of the specification impose library requirements: 6.1: Supported Data Types 6.2.3: Explicit Conversions...

CVE-2023-46817

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the...

Code injection

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the...

Fedora: Security Advisory for squid (FEDORA-2023-df4923cddc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...