The vulnerability of the formLogDnsquery function (/goform/formLogDnsquery) in D-Link DIR-605L router software allows a hacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the formLogDnsquery function /goform/formLogDnsquery in D-Link DIR-605L router microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...

The vulnerability of the cgiMovePhoto() function (/cgi-bin/photocenter_mgr.cgi) in the software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.

The vulnerability of the cgiMovePhoto function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,...

webp crate may expose memory contents when encoding an image

Affected versions of this crate did not check that the input slice passed to "webp::Encoder::encode is large enough for the specified image dimensions. If the input slice is too short, the library will read out of bounds of the buffer and encode other memory contents as an image, resulting in...

RUSTSEC-2024-0443 webp crate may expose memory contents when encoding an image

Affected versions of this crate did not check that the input slice passed to "webp::Encoder::encode is large enough for the specified image dimensions. If the input slice is too short, the library will read out of bounds of the buffer and encode other memory contents as an image, resulting in...

CVE-2024-45008

CVE-2024-45008 affects the Linux kernel input subsystem. The vulnerability arises when input_mt_init_slots() allocates slots based on user-supplied num_slots via UI_DEV_CREATE, risking oversized allocations. A patch caps the maximum slots at 1024, mitigating memory exhaustion. Connected advisorie...

DEBIAN-CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

AMD μProf 安全漏洞

AMD μProf is a software analysis tool from Ultra Micro Semiconductor AMD. A security vulnerability exists in AMD μProf that stems from insufficient validation of the input buffer, which could allow an authenticated attacker to perform out-of-bounds writes, which could result in a crash of the...

Debian dla-3819 : fossil - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3819 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3819-1 [email protected] https://www.debian.org/lts/security/...

QNAP Systems QTS和QuTS hero 安全漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems, Inc.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QTS and QuTS Hero that stems fr...

CVE-2024-21480

Memory corruption while playing audio file having large-sized input buffer...

CVE-2024-21480 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer...

CVE-2024-21480 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer...

CVE-2024-21480

CVE-2024-21480 relates to memory corruption in Qualcomm chipsets when playing audio files with large input buffers. The entry is documented across multiple sources (NVD/NCSC/Red Hat) as a memory- or buffer-related vulnerability affecting Qualcomm closed-source components, with references indicati...

PT-2024-18901 · Qualcomm · Snapdragon +101

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs when playing an audio file with a large-sized input buffer. There is no information provided about the...

DJI Mavic和Matrice 安全漏洞

DJI Mavic and DJI Matrice are both products of the Chinese company DJI.DJI Mavic is a series of drones.DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from a buffer that does not check the size of...

CVE-2024-27094

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

BIT-GUACAMOLE-2023-30576

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process...

BIT-GUACAMOLE-SERVER-2023-30576

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process...

CLSA-2024-1708417192 libxml2: Fix of 3 CVEs

CVE-2017-7375: add validation for parsed entity references - CVE-2017-7376: fix buffer overflow in URL handling - CVE-2017-8872: free input buffer in xmlHaltParser...

The vulnerability of the Setting Handler component in the software for creating, testing, documenting, publishing, and maintaining the API interface of applications allows a perpetrator to execute arbitrary code.

The vulnerability of the Setting Handler component in software for creating, testing, documenting, publishing, and maintaining the API interface of an application relates to the copying of buffers without checking the size of input data when processing PDF files. Exploiting this vulnerability...