17 matches found

RedhatCVE
added 2025/05/23 3:37 a.m. | 5 views

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel VA to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel VA, which causes a UAF of the kernel address...

CVSS 7.8 | AI score 6.9 | EPSS 0.00036
Exploits: 0 | References: 1
Tenable Nessus
added 2024/10/21 12:0 a.m. | 16 views

Adobe Animate 20.x < 20.5.2 / 21.x < 21.0.6 Multiple Vulnerabilities (APSB21-35)

The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 20.5.2 or 21.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-35 advisory. - Adobe Animate version 21.0.5 and earlier is affected by an Out-of-bounds Read vulnerability...

CVSS 6.5 | AI score 6.1 | EPSS 0.00818
Exploits: 0 | References: 8
SUSE CVE
added 2024/08/06 2:7 a.m. | 3 views

SUSE CVE-2024-28577

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw function when reading images in JPEG format...

CVSS 5.5 | AI score 6.5 | EPSS 0.00035
Exploits: 1 | References: 3
OSV
added 2024/03/20 6:15 a.m. | 8 views

CVE-2024-28577

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw function when reading images in JPEG format...

CVSS 5.5 | AI score 5.3
Exploits: 0 | References: 1
Vulnrichment
added 2024/03/20 12:0 a.m. | 13 views

CVE-2024-28577

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw function when reading images in JPEG format...

AI score 6.8 | EPSS 0.00035
Exploits: 1 | References: 1
CVE
added 2024/03/20 12:0 a.m. | 69 views

CVE-2024-28577

CVE-2024-28577 affects FreeImage 3.19.0 (r1909). It is a Local Privilege/DoS issue caused by a Null Pointer Dereference in jpeg_read_exif_profile_raw() when reading JPEGs, allowing a local attacker to trigger a denial of service. Connected sources corroborate the vulnerability across multiple fee...

CVSS 5.5 | AI score 6.4 | EPSS 0.00035
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2024/03/20 12:0 a.m. | 13 views

CVE-2024-28577

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw function when reading images in JPEG format...

AI score 6.4 | EPSS 0.00035
Exploits: 1 | References: 1
Circl
added 2023/08/08 2:14 p.m. | 3 views

CVE-2023-28577

creationtimestamp | type | source
---|---|---
2023-08-08 14:14:35+00:00 | seen | https://t.me/cibsecurity/67955...

CVSS 7.8 | AI score 7.5 | EPSS 0.00036
Exploits: 0 | References: 1
CVE
added 2023/08/08 9:15 a.m. | 111 views

CVE-2023-28577

CVE-2023-28577 describes a kernel use-after-free (UAF) condition in Qualcomm components where, during CAM_REQ_MGR_RELEASE_BUF, a check is not performed to verify whether the buffer is still in use. If a thread calls cam_mem_get_cpu_buf to retrieve a kernel virtual address (VA) and another thread ...

CVSS 7.8 | AI score 6.9 | EPSS 0.00036
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/08/08 9:15 a.m. | 17 views

CVE-2023-28577 Multiple Dmabuf Kernel Address UAF Vulnerability

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel VA to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel VA, which causes a UAF of the kernel address...

CVSS 6.7 | AI score 6.9 | EPSS 0.00036
Exploits: 0 | References: 1
Cvelist
added 2023/08/08 9:15 a.m. | 16 views

CVE-2023-28577 Multiple Dmabuf Kernel Address UAF Vulnerability

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel VA to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel VA, which causes a UAF of the kernel address...

CVSS 6.7 | AI score 7.8 | EPSS 0.00036
Exploits: 0 | References: 1
Check Point Advisories
added 2022/11/22 12:0 a.m. | 7 views

TOTOLINK A7100RU Router Command Injection (CVE-2022-28575; CVE-2022-28577; CVE-2022-28578; CVE-2022-28579; CVE-2022-28580; CVE-2022-28581; CVE-2022-28582; CVE-2022-28583; CVE-2022-28584)

A command injection vulnerability exists in TOTOLINK A7100RU router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 10 | AI score 5.6 | EPSS 0.18709
Exploits: 9
CVE
added 2022/05/05 5:33 p.m. | 60 views

CVE-2022-28577

CVE-2022-28577 affects the TOTOLINK A7100RU router, specifically version 7.4cu.2313_b20191024. The vulnerability is a command injection in the delParentalRules interface, allowing an attacker to execute arbitrary commands on the device. The issue is rooted in how the interface handles crafted pa...

CVSS 10 | AI score 9.8 | EPSS 0.18709
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/05/05 5:33 p.m. | 19 views

CVE-2022-28577

It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOLINK A7100RU v7.4cu.2313_b20191024 router, which allows an attacker to execute arbitrary commands through a carefully constructed payload...

AI score 10 | EPSS 0.18709
Exploits: 1 | References: 1
Tenable Nessus
added 2021/05/13 12:0 a.m. | 75 views

Adobe Animate 20.x < 20.5.2 / 21.x < 21.0.6 Multiple Vulnerabilities (APSB21-35)

The version of Adobe Animate installed on the remote Windows host is prior to 20.5.2 or 21.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-35 advisory. - Adobe Animate version 21.0.5 and earlier is affected by an Out-of-bounds Read vulnerability when parsin...

CVSS 6.5 | AI score 6.1 | EPSS 0.00818
Exploits: 0 | References: 8
OSV
added 2020/12/01 7:15 p.m. | 2 views

CVE-2020-28577

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 3
CVE
added 2020/12/01 6:40 p.m. | 44 views

CVE-2020-28577

This CVE (CVE-2020-28577) affects Trend Micro Apex One and OfficeScan XG SP1. The connected advisory (ZDI-20-1376) describes an improper access control information disclosure allowing unauthenticated remote attackers to connect to the product server and disclose server hostname and database names...

CVSS 5.3 | AI score 5.1 | EPSS 0.0038
Exploits: 0 | References: 3 | Affected Software: 2