Page 75 of 487 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2023-2603 – libcap: Integer Overflow in _libcap_strdup()

https://notcve.org/view.php?id=CVE-2023-2603

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. • https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/cve/CVE-2023-2603 • CWE-190: Integer Overflow or Wraparound •

CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 1

CVE-2023-2602 – libcap: Memory Leak on pthread_create() Error

https://notcve.org/view.php?id=CVE-2023-2602

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. • https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/cve/CVE-2023-2602 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2023-33460 – yajl: Memory leak in yajl_tree_parse function

https://notcve.org/view.php?id=CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. A flaw was found in the yajl library, which exists due to a memory leak within the yajl_tree_parse() function. This flaw allows a remote attacker to parse malicious JSON input to cause out-of-memory in the server, causing a crash, resulting in a denial of service attack. • https://github.com/lloyd/yajl/issues/250 https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN https://lists.fedoraproject • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 8.8EPSS: 13%CPEs: 11EXPL: 2

CVE-2023-3079 – Google Chromium V8 Type Confusion Vulnerability

https://notcve.org/view.php?id=CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://github.com/mistymntncop/CVE-2023-3079 http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html https://crbug.com/1450481 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject. • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2023-34151

https://notcve.org/view.php?id=CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). • https://access.redhat.com/security/cve/CVE-2023-34151 https://bugzilla.redhat.com/show_bug.cgi?id=2210657 https://github.com/ImageMagick/ImageMagick/issues/6341 https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V • CWE-190: Integer Overflow or Wraparound •