Incorrect code generation during JIT compilation. (CVE-2023-25751) Potential out-of-bounds when accessing throttled streams. (CVE-20223-25752) Invalid downcast in Worklets. (CVE-2023-28162) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. (CVE-2023-28164)
If a malicious Flatpak app is run on a Linux virtual console such as /dev/tty1, it can copy text from the virtual console and paste it back into the virtual console's input buffer, from which the command might be run by the user's shell after the Flatpak app has exited. This is similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead
In the MHD_PostProcessor, malformed inputs can be used to crash the server (for denial-of-service). References: - https://bugs.mageia.org/show_bug.cgi?id=31670
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-4645) References:
XML External Entity (XXE) Injection (CVE-2023-27476) References: - https://bugs.mageia.org/show_bug.cgi?id=31667 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloak6523a664c606952edc47e94c60550d87').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy6523a664c606952edc47e94c60550d87 = 'package-announce' + '@'; addy6523a664c606952edc47e94c60550d87 = addy6523a664c606952edc47e94c60550d87 + 'lists' + '.' + 'fedoraproject' + '.' + 'org'; var addy_text6523a664c606952edc47e94c60550d87 = 'package-announce' + '@' + 'lists' + '.' + 'fedoraproject' + '.' + 'org';document.getElementById('cloak6523a664c606952edc47e94c60550d87').innerHTML += ''+addy_text6523a664c606952edc47e94c60550d87+''; /thread/PYNYFUUI2JO56U35RT7DTZDQDCNCDAMH/
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash (CVE-2023-25751). When accessing throttled streams, the count of available bytes needed to be
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. (CVE-2023-1170) Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723) Large handshake records may cause panics in crypto/tls. (CVE-2022-41724) Denial of service from excessive resource consumption in net/http and
Multiple out-of-bounds read when decoding NTLM fields. (CVE-2023-25563) Memory corruption when decoding UTF16 strings. (CVE-2023-25564) Incorrect free when decoding target information. (CVE-2023-25565) Memory leak when parsing usernames. (CVE-2023-25566) Out-of-bounds read when decoding target information. (CVE-2023-25567)
