Page 56 of 8842 results (0.014 seconds)

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html https://crbug.com/1456243 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5467 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Se ha encontrado un fallo de desbordamiento de búfer en base/gdevdevn.c:1973 en devn_pcx_write_rle() en ghostscript. Este problema puede permitir a un atacante local provocar una denegación de servicio mediante la salida de un archivo PDF manipulado para un dispositivo DEVN con gs. • https://access.redhat.com/errata/RHSA-2023:6544 https://access.redhat.com/errata/RHSA-2023:7053 https://access.redhat.com/security/cve/CVE-2023-38559 https://bugs.ghostscript.com/show_bug.cgi?id=706897 https://bugzilla.redhat.com/show_bug.cgi?id=2224367 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Fallos de seguridad de memoria presentes en Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0 y Thunderbird 102.13. Algunos de estos fallos mostraban evidencias de corrupción de memoria y suponemos que con el suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Cuando se superaba el número de cookies por dominio en `document.cookie`, el tarro de cookies real enviado al host ya no era coherente con el estado de tarro de cookies esperado. Esto podía provocar que se enviasen peticiones en las que faltasen algunas cookies. • https://bugzilla.mozilla.org/show_bug.cgi?id=1782561 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https://access.redhat.com/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. The Mozilla Foundation Security Advisory describes this flaw as: In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843038 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https://access.redhat.com/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •