CVE-2023-34474
- EPSS 0.37%
- Veröffentlicht 16.06.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 08:07:20
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application...
CVE-2023-34475
- EPSS 0.35%
- Veröffentlicht 16.06.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 08:07:20
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an appli...
CVE-2023-3195
- EPSS 0.5%
- Veröffentlicht 16.06.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:40
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
CVE-2023-2431
- EPSS 0.26%
- Veröffentlicht 16.06.2023 08:15:08
- Zuletzt bearbeitet 12.12.2024 16:15:07
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerabili...
CVE-2023-30631
- EPSS 2.01%
- Veröffentlicht 14.06.2023 08:15:09
- Zuletzt bearbeitet 13.02.2025 17:16:25
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuratio...
CVE-2023-3214
- EPSS 0.94%
- Veröffentlicht 13.06.2023 18:15:22
- Zuletzt bearbeitet 05.05.2025 16:15:44
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2023-3215
- EPSS 13.81%
- Veröffentlicht 13.06.2023 18:15:22
- Zuletzt bearbeitet 05.05.2025 16:15:44
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3216
- EPSS 0.94%
- Veröffentlicht 13.06.2023 18:15:22
- Zuletzt bearbeitet 05.05.2025 16:15:44
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3217
- EPSS 13.31%
- Veröffentlicht 13.06.2023 18:15:22
- Zuletzt bearbeitet 05.05.2025 16:15:44
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-20867
- EPSS 13.64%
- Veröffentlicht 13.06.2023 17:15:14
- Zuletzt bearbeitet 28.10.2025 13:46:56
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.