| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue. |
| Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11 and Thunderbird < 128.11. |
| Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10. |
| Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10. |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6, macOS Ventura 13.7.7. Parsing a file may lead to an unexpected app termination. |
| This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
| The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory. |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory. |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. |
| A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue. |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash. |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service. |
| A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. |
| EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
| EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
| EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
| NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
| A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. |
| An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. |
