23 matches found
iccDEV numeric error vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained a numerical error vulnerability. This vulnerability occurred due to specially crafted TIFF inputs, which could lead to zero errors and trigger...
iccDEV security vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities; these vulnerabilities were caused by specially crafted ICC configuration files that could trigger undefined behaviors...
iccDEV security vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained security vulnerabilities. These vulnerabilities were caused by null pointer dereferencing and undefined behaviors in CIccXmlArrayType, which...
The vulnerability of the ShutdownObserver() function in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the ShutdownObserver function in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to dependencies on behaviors that are undefined for each implementation type. Exploiting this vulnerability could allow a malicious actor to compromise...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-2631)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attribute...
CVE-2023-35827
A race condition was found in the Linux kernel's Renesas Ethernet AVB driver when removing the module before cleanup in the ravb_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors...
CVE-2023-35829
A race condition was found in the Linux kernel's rkvdec driver when removing the module before cleanup in the rkvdec_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors...
CVE-2023-35825
A race condition was found in the Linux kernel's r592 device driver, when removing the module before cleanup in the r592_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2023:2344-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2344-1 advisory. - A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior...
CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546)...
CVE-2023-34151
CVE-2023-34151 affects ImageMagick. The issue is an undefined behavior caused by casting double to size_t in SVG, MVG, and other coders, leading to vulnerability exposure. Public references document multiple advisories confirming patches across distributions (e.g., Debian DSA-5628-1 and DLA-3737-...
CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546)...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-032)
The version of kernel installed on the remote host is prior to 5.10.179-166.674. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2023-032 advisory. 2023-09-14: CVE-2023-2163 was added to this advisory. bpf: incorrect verifier pruning due to missing...
Medium: kernel
Issue Overview: A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. CVE-2023-2513 qfq_change_class in...
CVE-2023-2513
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...
CVE-2023-2513
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...
CVE-2023-2513
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...
CVE-2023-2513
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors...
CVE-2023-2483
A race condition vulnerability was found in the Linux kernel's Qualcomm EMAC Gigabit Ethernet Controller when the user physically removes the device before cleanup in the emac_remove function. This flaw can eventually result in a use-after-free issue, possibly leading to a system crash or other...
CVE-2022-31212
A stack-based buffer over-read flaw was found in the dbus-broker package. Dbus-Broker depends on c-util/c-shquote to parse the DBus service's Exec line, and if a malicious Exec line is supplied, this can lead to a crash or other undefined behaviors...