CVE-2024-11521

The CVE-2024-11521 entry describes an IrfanView DJVU file parsing Use-After-Free remote code execution vulnerability. Affected software: IrfanView (DJVU parsing path). Root cause: the parser performs operations on an object without validating its existence, enabling manipulation leading to code e...

CVE-2024-46775 drm/amd/display: Validate function returns

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate function returns WHAT & HOW Function return values must be checked before data can be used in subsequent functions. This fixes 4 CHECKEDRETURN issues reported by Coverity...

CVE-2024-7725

CVE-2024-7725 is a Use-After-Free in Foxit PDF Editor/Reader AcroForm handling that can allow remote code execution after user opens a malicious file or visits a malicious page. The flaw stems from not validating the existence of an object before operations, enabling code execution in the process...

CVE-2024-42236

CVE-2024-42236 affects the Linux kernel in the usb gadget configfs string handling. The vulnerability arises from not validating userspace-provided strings that can be empty, enabling an out-of-bounds (OOB) read at str[0-1] and a subsequent OOB write to str[0-1] = '\0'. The issue is fixed by addi...

GHSA-CRJG-W57M-RQQF DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks

Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...

DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks

Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...

GHSA-MMWX-RJ87-VFGR DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources

Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...

DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources

Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...

PT-2024-21058 · Dnsjava +2 · Dnsjava +2

Name of the Vulnerable Software and Affected Versions: dnsjava versions prior to 3.6.0 Description: The issue arises from dnsjava not checking the relevance of records in DNS replies to the query, allowing an attacker to respond with records from different zones. This can lead to applications...

phonenumber Security Vulnerabilities

phonenumber is a Whisperfish open source library for parsing, formatting and validating international phone numbers. A security vulnerability exists in phonenumber version 0.3.4 through versions prior to 0.3.6 that stems from the presence of out-of-bounds access...

CVE-2021-47265

CVE-2021-47265 is a Linux kernel RDMA issue in the mlx5_ib driver. The vulnerability stems from missing validation of the user-supplied port when creating a flow rule, leading to an improper check and a kernel oops as shown in the call trace (_create_flow_rule … mlx5_ib_create_flow …). The CVE ha...

CVE-2024-35963

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Fix not validating setsockopt user input Check user input length before copying data...

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVE-2024-27790

Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests...

CVE-2021-34972

Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2023-42089

Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2023-51557

CVE-2023-51557 affects Foxit PDF Reader/Editor (AcroForm Doc handling). The flaw is a Use-After-Free in Doc objects due to not validating the existence of an object before operations, allowing code execution in the current process. Exploitation requires user interaction (visiting a malicious page...

CVE-2023-44430 Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

CVE-2023-42104 Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit...

CVE-2023-42041

CVE-2023-42041 is a Use-After-Free vulnerability in PDF-XChange Editor related to annotation handling. The flaw stems from failing to validate the existence of an Annotation object before operating on it, enabling an attacker to execute arbitrary code with the current process once the user visits...