Skip to content
…
A critical buffer overflow vulnerability has been found in c-ares before 1_16_1 thru 1_17_0 via the function ares_parse_soa_reply in ares_parse_soa_reply.c ( CVE-2020-22217 ). Due to how simple this bug is to exploit and its significant threat to the confidentiality, integrity,…
A critical vulnerability was found in the OpenDMARC open-source implementation of the DMARC specification. It was discovered that OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 incorrectly handled certain inputs, resulting in remote memory corruption in certain situations ( CVE-2020-12460 ).…
A critical memory safety bug has been discovered in Thunderbird 115.0 and Thunderbird 102.13 ( CVE-2023-4056 ). Due to the severity of this vulnerability's threat to the confidentiality, integrity, and availability of impacted systems, it has received a National Vulnerability…
Several denial of service (DoS) and code execution vulnerabilities have been discovered in the Vim enhanced vi editor.…
Multiple severe, remotely exploitable security vulnerabilities have been found in Chromium, including out-of-bounds memory access in V8, CSS, and Fonts ( CVE-2023-4427 , CVE-2023-4428 , and CVE-2023-4431 ), and use after frees in Loader and Vulkan ( CVE-2023-4429 and CVE-2023-4430…
Two major security vulnerabilities were recently discovered in PHP. It was discovered that PHP incorrectly handled certain XML files ( CVE-2023-3823 ) and certain PHAR files ( CVE-2023-3824 ). Due to their ease of exploitation and the severe threat that…
Multiple significant microcode security issues have been discovered. An information exposure bug known as Downfall ( CVE-2022-40982 ) has been found in some Intel(R) Processors, as well as a side channel vulnerability in some AMD CPUs known as Inception (…
It was discovered that ClamAV incorrectly handled parsing HFS+ files ( CVE-2023-20197 ). This bug is easy to exploit and poses a severe threat to the availability of impacted systems.…
Thank you to Ruth Webb for contributing this article.WordPress stands tall as one of the most popular content management systems (CMS), empowering millions of websites worldwide in the ever-evolving digital landscape. Its flexibility and user-friendliness have made it a top…
It was discovered that under specific microarchitectural circumstances, a register in "Zen 2" CPUs might not be written to 0 correctly, potentially causing data from another process and/or thread to be stored in the YMM register (CVE-2023-20593, also known as…
Several significant out-of-bounds access vulnerabilities have been found in the X.Org X Server (CVE-2021-4008, CVE-2021-4009, and CVE-2021-4011). These flaws threaten data confidentiality and integrity, as well as system availability, and have received a National Vulnerability Database severity rating of ''High''.…
Multiple significant security vulnerabilities have been discovered in the Linux kernel, including a remotely exploitable null pointer dereference flaw in the networking protocol (CVE-2023-3338), use-after-free vulnerabilities in kernel's netfilter subsystem in net/netfilter/nf_tables_api.c (CVE-2023-3390) and nft_chain_lookup_byid() (CVE-2023-31248), and an out-of-bounds read/write…
It was discovered that in Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attacks via a vast number of domain name labels of…
Multiple severe security issues were discovered in the GPAC multimedia framework, including a heap-based Buffer Overflow in the GitHub repository gpac/gpac before V2.1.0-DEV (CVE-2023-0760) and a NULL Pointer Dereference in the GitHub repository gpac/gpac before 2.2.2 (CVE-2023-3012). These vulnerabilities have…
A type confusion issue that may have been actively exploited has been identified in the WebKitGTK web engine (CVE-2023-32439). With a low attack complexity and a high confidentiality, integrity and availability impact, this vulnerability has received a National Vulnerability Database…
Exploit code will soon become available for a critical vulnerability in the Linux kernel that a security researcher discovered and reported in mid-June. Dubbed StackRot (CVE-2023-3269), this bug impacts the Linux kernel 6.1 through 6.4. The data structure for managing…
Several security issues were found in the Linux kernel, including an out-of-bounds write vulnerability in the Flower classifier implementation in the kernel (CVE-2023-35788). It was also discovered that for some Intel processors the INVLPG instruction implementation did not properly flush…
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas…
Multiple remotely exploitable denial of service (DoS) and code execution vulnerabilities have been found in the VLC multimedia player and streamer. These bugs have been classified as ''high-severity'' by the National Vulnerability Database due to their high confidentiality, integrity and…
文 » A
Scroll Up
×