674 matches found
SUSE CVE-2023-0698
Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
CVE-2023-0472
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
GSD-2023-1000638 rtc: class: Fix potential memleak in devm_rtc_allocate_device()
rtc: class: Fix potential memleak in devmrtcallocatedevice This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
GSD-2023-1000011 rtc: cmos: Fix event handler registration ordering issue
rtc: cmos: Fix event handler registration ordering issue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.14 by commit...
PT-2023-33193 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue concerns an event handler registration ordering problem in the Linux Kernel's rtc: cmos component. The actual impact and potential for attack have not been confirmed...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using Liberty are vulnerable to denial of service due to GraphQL Java CVE-2022-37734
Summary The IBM® Engineering Lifecycle Engineering products using Liberty are vulnerable to denial of service due to GraphQL Java, affected features are mpGraphQL-1.0 or mpGraphQL-2.0 . Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for Denial of Service due to Neko HTML in WebSphere Application Server Liberty (CVE-2022-24839)
Summary The IBM® Engineering Lifecycle Management products on WebSphere Application Server Liberty versions 17.0.0.3 - 22.0.0.10, vulnerbale to Denial of Service due to Neko HTML CVE-2022-24839. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for IBM Java XML vulnerability CVE-2022-21299
Summary A flaw in the XML component allows attackers to inflict a denial-of-service and/or access external entities which should be inaccessible. Vulnerability is identified in Java versions 7.0.11.5 and earlier, 7.1.5.5 and earlier, 8.0.7.5 and earlier. Vulnerability Details Refer to the securit...
GSD-2022-1005687 rtc: rx8025: fix 12/24 hour mode detection on RX-8035
rtc: rx8025: fix 12/24 hour mode detection on RX-8035 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
GSD-2022-1005364 rtc: rx8025: fix 12/24 hour mode detection on RX-8035
rtc: rx8025: fix 12/24 hour mode detection on RX-8035 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
UBUNTU-CVE-2022-2294
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-1133
Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
GSD-2022-1003862 rtc: mt6397: check return value after calling platform_get_resource()
rtc: mt6397: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.247 by commit...
GSD-2022-1003726 rtc: mt6397: check return value after calling platform_get_resource()
rtc: mt6397: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
GSD-2022-1003538 rtc: mt6397: check return value after calling platform_get_resource()
rtc: mt6397: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.122 by commit...
GSD-2022-1003285 rtc: mt6397: check return value after calling platform_get_resource()
rtc: mt6397: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.47 by commit...
GSD-2022-1002980 rtc: mt6397: check return value after calling platform_get_resource()
rtc: mt6397: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...
GSD-2022-1002628 rtc: mt6397: check return value after calling platform_get_resource()
rtc: mt6397: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.4 by commit...
Malicious code in connect-rtc-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40845c567061d597a3e1c4893cdd7b653e68072e2d6cd0da33757014cec3fefa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2155 Malicious code in connect-rtc-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40845c567061d597a3e1c4893cdd7b653e68072e2d6cd0da33757014cec3fefa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...