7696 matches found

OSV
added 2023/05/30 2:16 p.m. · 4 views

USN-6119-1 openssl, openssl1.0 vulnerabilities

Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2023-2650) Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS ciphe...

CVSS 6.5 · AI score 6.8 · EPSS 0.91736
Exploits: 0 · References: 3

CNNVD
added 2023/05/30 12:0 a.m. · 2 views

RIOT RIOT-OS Buffer Error Vulnerability

RIOT RIOT-OS is a set of operating systems used in the Internet of Things (IoT) space. A security vulnerability exists in RIOT RIOT-OS versions prior to 2023.04 that stems from the use of uninitialized objects, which can be exploited by an attacker to conduct a denial-of-service attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.00772
Exploits: 0 · References: 5

Positive Technologies
added 2023/05/26 12:0 a.m. · 2 views

PT-2023-5842 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this, where the target...

CVSS 3.3 · AI score 5.6 · EPSS 0.00314
Exploits: 0 · References: 8

Zero Day Initiative
added 2023/05/25 12:0 a.m. · 25 views

Adobe Acrobat Reader DC Annotation fillColor Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVSS 3.3 · AI score 5.9 · EPSS 0.00095
Exploits: 0 · References: 1

Zero Day Initiative
added 2023/05/25 12:0 a.m. · 25 views

Adobe Acrobat Reader DC Highlight Annotation noView Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 · AI score 6.8 · EPSS 0.00335
Exploits: 0 · References: 1

OSV
added 2023/05/24 6:30 p.m. · 20 views

GHSA-863X-868H-968X Ingress-nginx `path` sanitization can be bypassed with newline character

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

CVSS 6.5 · AI score 6.6 · EPSS 0.00167
Exploits: 0 · References: 6

Positive Technologies
added 2023/05/24 12:0 a.m. · 2 views

PT-2023-12076 · Unknown · Ingress-Nginx

Name of the Vulnerable Software and Affected Versions: ingress-nginx affected versions not specified Description: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the...

CVSS 7.6 · AI score 6.4 · EPSS 0.00167
Exploits: 0 · References: 10

OSV
added 2023/05/23 8:15 p.m. · 1 views

CVE-2023-23306

The Toybox.Ant.BurstPayload.add API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted Toybox.Ant.BurstPayload object, call its add method, overri...

CVSS 9.8 · AI score 6 · EPSS 0.02546
Exploits: 1 · References: 2

BDU FSTEC
added 2023/05/19 12:0 a.m. · 1 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows an attacker to perform an SSRF attack.

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by loading a specially created XML file...

CVSS 4.1 · AI score 5.7 · EPSS 0.00408
Exploits: 0 · References: 3 · Affected Software: 1

Broadcom
added 2023/05/19 12:0 a.m. · 30 views

CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS 8.8 · AI score 9 · EPSS 0.02263
Exploits: 0

CVE
added 2023/05/18 9:19 p.m. · 49 views

CVE-2023-23557

CVE-2023-23557 affects Facebook Hermes (JavaScript engine used in React Native). The root cause is a type-confusion bug caused by copying object properties prior to commit, enabling an attacker to execute arbitrary code when Hermes runs untrusted JavaScript. The vulnerability is described across ...

CVSS 9.8 · AI score 9.6 · EPSS 0.00755
Exploits: 0 · References: 2 · Affected Software: 1

RedHat Linux
added 2023/05/18 9:54 a.m. · 5 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

CVSS 7.5 · AI score 6.7 · EPSS 0.00474
Exploits: 1 · References: 5

RedHat Linux
added 2023/05/18 9:54 a.m. · 2 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a '[' or '{' character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

CVSS 7.5 · AI score 6.9 · EPSS 0.00016
Exploits: 1 · References: 6

Positive Technologies
added 2023/05/18 12:0 a.m. · 3 views

PT-2023-35830 · Assimp · Assimp

Name of the Vulnerable Software and Affected Versions: Assimp affected versions not specified Description: The issue is related to a heap-use-after-free error. Technical details about the crash include the Assimp::FBXExporter::WriteObjects and Assimp::FBXExporter::ExportBinary functions, as well ...

AI score 6.8
Exploits: 0 · References: 2

RedHat Linux
added 2023/05/17 12:29 p.m. · 3 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a '[' or '{' character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

CVSS 7.5 · AI score 6.9 · EPSS 0.00016
Exploits: 1 · References: 6

Zero Day Initiative
added 2023/05/17 12:0 a.m. · 59 views

Linux Kernel vmwgfx Driver Race Condition Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...

CVSS 6.7 · AI score 6.2 · EPSS 0.00006
Exploits: 0 · References: 1

RedHat Linux
added 2023/05/16 8:56 a.m. · 1 views

kernel: mm/slub: actually fix freelist pointer vs redzoning

In the Linux kernel, the following vulnerability has been resolved: mm/slub: actually fix freelist pointer vs redzoning. It turns out that SLUB redzoning ("slub_debug=Z") checks from s->object_size rather than from s->inuse (which is normally bumped to make room for the freelist pointer), so a cache creat...

CVSS 5.5 · AI score 6.3 · EPSS 0.00021
Exploits: 0 · References: 5

Positive Technologies
added 2023/05/16 12:0 a.m. · 4 views

PT-2024-11230 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the SLUB redzoning feature in the Linux kernel, which checks for corruption from s->object_size instead of s->inuse. This can cause the freelist pointer to be...

CVSS 8.8 · AI score 6.6 · EPSS 0.0088
Exploits: 17 · References: 301

OSV
added 2023/05/15 8:50 p.m. · 1 views

GHSA-WHPJ-8F3W-67P5 vm2 Sandbox Escape vulnerability

A sandbox escape vulnerability exists in vm2 for versions up to 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. Impact: A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. Patches: Thi...

CVSS 9.8 · AI score 7.6 · EPSS 0.61685
Exploits: 1 · References: 6

CNNVD
added 2023/05/11 12:0 a.m. · 2 views

Xpdf Security Vulnerability

Glyph & Cog Xpdf is an open source PDF file viewer from Glyph & Cog. A security vulnerability exists in Xpdf 4.04 and earlier versions, which stems from a loop of PDF objects embedded in the file tree that can lead to infinite recursion and a stack overflow...

CVSS 5.5 · AI score 6.4 · EPSS 0.0005
Exploits: 1 · References: 2