Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2023-4573: Security Vulnerabilities fixed in Firefox 117

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE
#vulnerability#web#mac#windows#js#buffer_overflow#dell#firefox
GHSA-rr66-qh5m-w6mx: hutool Buffer Overflow vulnerability

hutool v5.8.21 was discovered to contain a buffer overflow via the component `JSONUtil.parse()`.

GHSA-7p8c-crfr-q93p: hutool Buffer Overflow vulnerability

hutool v5.8.21 was discovered to contain a buffer overflow via the component `jsonObject.putByPath`.

GHSA-rxgf-r843-g53h: hutool Buffer Overflow vulnerability

hutool v5.8.21 was discovered to contain a buffer overflow via the component `jsonArray`.

CVE-2023-42277: `putByPath()`方法抛出OutOfMemory异常 · Issue #3285 · dromara/hutool

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.

CVE-2023-42276: `JSONArray`的`add()`方法抛出OutOfMemory异常 · Issue #3286 · dromara/hutool

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.

GOM Player 2.3.90.5360 Buffer Overflow

GOM Player version 2.3.90.5360 suffers from a buffer overflow vulnerability.

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064

CVE-2023-41064: About the security content of macOS Ventura 13.5.2

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.