SUSE CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memor...

SUSE CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through getpidinfo in data/apport. An unprivileged user could exploit this to read information about a privileged...

SUSE CVE-2019-1010024

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...

SUSE CVE-2020-12864

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081...

SUSE CVE-2020-14347

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable...

SUSE CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

PT-2023-1622 · Adobe · Bridge

Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 12.0.3 and earlier Adobe Bridge versions 13.0.1 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. This vulnerability can be exploited ...

PT-2023-1806 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to an out-of-bounds read vulnerability in Adobe Dimension, which could lead to the disclosure of sensitive memory. An attacker could leverage this vulnerability to...

CVE-2023-21603

Adobe Dimension version 3.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...

CVE-2023-21601

Adobe Dimension version 3.4.6 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must...

Adobe Dimension 资源管理错误漏洞

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. A security vulnerability exists in Adobe Dimension 3.4.6 and earlier versions. An attacker could exploit the vulnerability to bypass mitigations such as ASLR and disclose sensitive...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

InHand Networks InRouter302 安全特征问题漏洞

The InHand Networks InRouter302 is an LTE cellular router from InHand Networks, Inc. A security feature issue vulnerability exists in the InHand Networks InRouter302 version prior to V3.5.56, and the InRouter615 version prior to V2.3.0.r5542, which stems from the use of an insufficiently randomiz...

PT-2023-2790 · Inhand Networks · Inrouter 615 +1

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of insufficiently random values, specifically with the MQTT...

PT-2022-6067

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation KPTI. This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timi...

Security Bulletin: UDP source port randomization flaw in IBM DataPower Gateway (CVE-2020-25705)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an attacker could exploit this...

PT-2022-6005 · Adobe · Illustrator

Name of the Vulnerable Software and Affected Versions: Adobe Illustrator versions 26.5.1 and earlier Adobe Illustrator versions 27.0 and earlier Description: The issue is related to an out-of-bounds read vulnerability in Adobe Illustrator, which could lead to the disclosure of sensitive memory...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

OpenRazer 缓冲区错误漏洞

OpenRazer is an open source driver and userspace daemon. It is used to control Razer lighting and other features on GNU/Linux. A buffer error vulnerability exists in OpenRazer versions prior to v3.5.1, which can be exploited by an attacker to disclose the stack address of razerattrreaddpistages,...

MGASA-2022-0435 Updated java packages fix security vulnerability

Class compilation issue. CVE-2022-21540 Improper restriction of MethodHandle.invokeBasic. CVE-2022-21541 Integer truncation issue in Xalan-J. CVE-2022-34169 Improper MultiByte conversion can lead to buffer overflow. CVE-2022-21618 Improper handling of long NTLM client hostnames. CVE-2022-21619...