2023-12-12
|
CVE-2023-42883
|
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.
|
Ipados, Iphone_os, Macos, Safari, Tvos, Watchos, Debian_linux
|
5.5
|
|
|
2023-08-08
|
CVE-2023-20569
|
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.
|
Epyc_72f3_firmware, Epyc_7313_firmware, Epyc_7313p_firmware, Epyc_7343_firmware, Epyc_7373x_firmware, Epyc_73f3_firmware, Epyc_7413_firmware, Epyc_7443_firmware, Epyc_7443p_firmware, Epyc_7453_firmware, Epyc_7473x_firmware, Epyc_74f3_firmware, Epyc_7513_firmware, Epyc_7543_firmware, Epyc_7543p_firmware, Epyc_7573x_firmware, Epyc_75f3_firmware, Epyc_7643_firmware, Epyc_7663_firmware, Epyc_7713_firmware, Epyc_7713p_firmware, Epyc_7763_firmware, Epyc_7773x_firmware, Epyc_9124_firmware, Epyc_9174f_firmware, Epyc_9184x_firmware, Epyc_9224_firmware, Epyc_9254_firmware, Epyc_9274f_firmware, Epyc_9334_firmware, Epyc_9354_firmware, Epyc_9354p_firmware, Epyc_9374f_firmware, Epyc_9384x_firmware, Epyc_9454_firmware, Epyc_9454p_firmware, Epyc_9474f_firmware, Epyc_9534_firmware, Epyc_9554_firmware, Epyc_9554p_firmware, Epyc_9634_firmware, Epyc_9654_firmware, Epyc_9654p_firmware, Epyc_9684x_firmware, Epyc_9734_firmware, Epyc_9754_firmware, Epyc_9754s_firmware, Ryzen_3_5100_firmware, Ryzen_3_5125c_firmware, Ryzen_3_5300g_firmware, Ryzen_3_5300ge_firmware, Ryzen_3_5300u_firmware, Ryzen_3_5400u_firmware, Ryzen_3_5425u_firmware, Ryzen_3_7335u_firmware, Ryzen_3_7440u_firmware, Ryzen_3_pro_7330u_firmware, Ryzen_5_5500_firmware, Ryzen_5_5500u_firmware, Ryzen_5_5560u_firmware, Ryzen_5_5600_firmware, Ryzen_5_5600g_firmware, Ryzen_5_5600ge_firmware, Ryzen_5_5600h_firmware, Ryzen_5_5600hs_firmware, Ryzen_5_5600u_firmware, Ryzen_5_5600x3d_firmware, Ryzen_5_5600x_firmware, Ryzen_5_5625u_firmware, Ryzen_5_6600h_firmware, Ryzen_5_6600hs_firmware, Ryzen_5_6600u_firmware, Ryzen_5_7500f_firmware, Ryzen_5_7535hs_firmware, Ryzen_5_7535u_firmware, Ryzen_5_7540u_firmware, Ryzen_5_7600_firmware, Ryzen_5_7600x_firmware, Ryzen_5_7640h_firmware, Ryzen_5_7640u_firmware, Ryzen_5_7645hx_firmware, Ryzen_5_pro_5645_firmware, Ryzen_5_pro_7530u_firmware, Ryzen_5_pro_7640hs_firmware, Ryzen_5_pro_7645_firmware, Ryzen_7_5700_firmware, Ryzen_7_5700g_firmware, Ryzen_7_5700ge_firmware, Ryzen_7_5700u_firmware, Ryzen_7_5700x_firmware, Ryzen_7_5800_firmware, Ryzen_7_5800h_firmware, Ryzen_7_5800hs_firmware, Ryzen_7_5800u_firmware, Ryzen_7_5800x3d_firmware, Ryzen_7_5800x_firmware, Ryzen_7_5825u_firmware, Ryzen_7_6800h_firmware, Ryzen_7_6800hs_firmware, Ryzen_7_6800u_firmware, Ryzen_7_7700_firmware, Ryzen_7_7700x_firmware, Ryzen_7_7735hs_firmware, Ryzen_7_7735u_firmware, Ryzen_7_7736u_firmware, Ryzen_7_7745hx_firmware, Ryzen_7_7800x3d_firmware, Ryzen_7_7840h_firmware, Ryzen_7_7840u_firmware, Ryzen_7_pro_5845_firmware, Ryzen_7_pro_7730u_firmware, Ryzen_7_pro_7745_firmware, Ryzen_7_pro_7840hs_firmware, Ryzen_9_5900_firmware, Ryzen_9_5900hs_firmware, Ryzen_9_5900hx_firmware, Ryzen_9_5900x_firmware, Ryzen_9_5950x_firmware, Ryzen_9_5980hs_firmware, Ryzen_9_5980hx_firmware, Ryzen_9_6900hs_firmware, Ryzen_9_6900hx_firmware, Ryzen_9_6980hs_firmware, Ryzen_9_6980hx_firmware, Ryzen_9_7845hx_firmware, Ryzen_9_7900_firmware, Ryzen_9_7900x3d_firmware, Ryzen_9_7900x_firmware, Ryzen_9_7940h_firmware, Ryzen_9_7945hx3d_firmware, Ryzen_9_7945hx_firmware, Ryzen_9_7950x3d_firmware, Ryzen_9_7950x_firmware, Ryzen_9_pro_5945_firmware, Ryzen_9_pro_7640hs_firmware, Ryzen_9_pro_7945_firmware, Ryzen_threadripper_pro_5945wx_firmware, Ryzen_threadripper_pro_5955wx_firmware, Ryzen_threadripper_pro_5965wx_firmware, Ryzen_threadripper_pro_5975wx_firmware, Ryzen_threadripper_pro_5995wx_firmware, Debian_linux, Fedora, Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022
|
4.7
|
|
|
2021-11-03
|
CVE-2021-37147
|
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
|
Traffic_server, Debian_linux
|
7.5
|
|
|
2022-10-19
|
CVE-2022-39253
|
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks...
|
Xcode, Debian_linux, Fedora, Git
|
5.5
|
|
|
2023-05-25
|
CVE-2023-31130
|
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed...
|
C\-Ares, Debian_linux, Fedora
|
6.4
|
|
|
2023-05-25
|
CVE-2023-32067
|
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
|
C\-Ares, Debian_linux, Fedora
|
7.5
|
|
|
2023-07-24
|
CVE-2023-20593
|
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
|
Athlon_gold_7220u_firmware, Epyc_7232p_firmware, Epyc_7252_firmware, Epyc_7262_firmware, Epyc_7272_firmware, Epyc_7282_firmware, Epyc_7302_firmware, Epyc_7302p_firmware, Epyc_7352_firmware, Epyc_7402_firmware, Epyc_7402p_firmware, Epyc_7452_firmware, Epyc_7502_firmware, Epyc_7502p_firmware, Epyc_7532_firmware, Epyc_7542_firmware, Epyc_7552_firmware, Epyc_7642_firmware, Epyc_7662_firmware, Epyc_7702_firmware, Epyc_7702p_firmware, Epyc_7742_firmware, Epyc_7f32_firmware, Epyc_7f52_firmware, Epyc_7f72_firmware, Epyc_7h12_firmware, Ryzen_3_3100_firmware, Ryzen_3_3300x_firmware, Ryzen_3_4300g_firmware, Ryzen_3_4300ge_firmware, Ryzen_3_5300u_firmware, Ryzen_3_7320u_firmware, Ryzen_3_pro_4200g_firmware, Ryzen_3_pro_4350g_firmware, Ryzen_3_pro_4350ge_firmware, Ryzen_3_pro_4450u_firmware, Ryzen_5_3500_firmware, Ryzen_5_3500x_firmware, Ryzen_5_3600_firmware, Ryzen_5_3600x_firmware, Ryzen_5_3600xt_firmware, Ryzen_5_4600g_firmware, Ryzen_5_4600ge_firmware, Ryzen_5_5500u_firmware, Ryzen_5_7520u_firmware, Ryzen_5_pro_4400g_firmware, Ryzen_5_pro_4650g_firmware, Ryzen_5_pro_4650ge_firmware, Ryzen_7_3700x_firmware, Ryzen_7_3800x_firmware, Ryzen_7_3800xt_firmware, Ryzen_7_4700g_firmware, Ryzen_7_4700ge_firmware, Ryzen_7_5700u_firmware, Ryzen_7_pro_4750g_firmware, Ryzen_7_pro_4750ge_firmware, Ryzen_7_pro_4750u_firmware, Ryzen_9_3900_firmware, Ryzen_9_3900x_firmware, Ryzen_9_3900xt_firmware, Ryzen_9_3950x_firmware, Ryzen_9_pro_3900_firmware, Ryzen_threadripper_3960x_firmware, Ryzen_threadripper_3970x_firmware, Ryzen_threadripper_3990x_firmware, Ryzen_threadripper_pro_3945wx_firmware, Ryzen_threadripper_pro_3955wx_firmware, Ryzen_threadripper_pro_3975wx_firmware, Ryzen_threadripper_pro_3995wx_firmware, Debian_linux, Xen
|
5.5
|
|
|
2023-08-08
|
CVE-2023-20588
|
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
|
Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_gold_pro_3150g_firmware, Athlon_gold_pro_3150ge_firmware, Athlon_pro_300ge_firmware, Athlon_silver_3050ge_firmware, Athlon_silver_pro_3125ge_firmware, Epyc_7251_firmware, Epyc_7261_firmware, Epyc_7281_firmware, Epyc_7301_firmware, Epyc_7351_firmware, Epyc_7351p_firmware, Epyc_7371_firmware, Epyc_7401_firmware, Epyc_7401p_firmware, Epyc_7451_firmware, Epyc_7501_firmware, Epyc_7551_firmware, Epyc_7551p_firmware, Epyc_7571_firmware, Epyc_7601_firmware, Ryzen_3_3200g_firmware, Ryzen_3_3200ge_firmware, Ryzen_3_pro_3200g_firmware, Ryzen_3_pro_3200ge_firmware, Ryzen_5_3400g_firmware, Ryzen_5_pro_3350g_firmware, Ryzen_5_pro_3350ge_firmware, Ryzen_5_pro_3400g_firmware, Ryzen_5_pro_3400ge_firmware, Debian_linux, Fedora, Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_11_23h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022_23h2, Xen
|
5.5
|
|
|
2023-09-25
|
CVE-2023-3550
|
Mediawiki v1.40.0 does not validate namespaces used in XML files.
Therefore, if the instance administrator allows XML file uploads,
a remote attacker with a low-privileged user account can use this
exploit to become an administrator by sending a malicious link to
the instance administrator.
|
Debian_linux, Mediawiki
|
7.3
|
|
|
2023-12-21
|
CVE-2023-7024
|
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
Debian_linux, Fedora, Chrome
|
8.8
|
|
|