OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities

Talos Vulnerability Report TALOS-2024-2016 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities September 18, 2024 CVE Number CVE-2024-39590,CVE-2024-39589 SUMMARY Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime...

The vulnerability of the mpt3sas component in the Linux operating system, which allows a hacker to cause a service failure.

The vulnerability of the mpt3sas component in the Linux operating system is related to the release of an invalid pointer or reference. Exploiting this vulnerability can allow an attacker to cause a service failure...

ROS-20240830-01

Vulnerability of the rndissetresponse function in the rndis component of the Linux kernel is related to the "BufOffset + 8" operation, which can cause an integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the drm/vrr compone...

CVE-2024-42100

Technical details for CVE-2024-42100 are not provided in the connected documents. The materials reference the CVE but do not specify affected products, versions, root cause, impact, or fixes beyond the initial description; monitor for updates.

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an invalid pointer dereference in the clk:sunxi-ng module when sunxiccuprobe calls hwtoccucommon,...

UBUNTU-CVE-2024-38615

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit callback is optional The exit callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freqtable pointer even if the exit callback isn't present...

RHEL 8 : cairo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cairo: infinite loop in the function arcerrornormalized in the file cairo-arc.c CVE-2019-6462 - cairo...

RHEL 8 : patch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - patch: Invalid Pointer via anotherhunk function CVE-2021-45261 - GNU patch through 2.7.6 contains a...

DEBIAN-CVE-2024-36845

An invalid pointer in the modbusreceive function of libmodbus v3.1.6 allows attackers to cause a Denial of Service DoS via a crafted message sent to the unit-test-server...

CVE-2024-36845

An invalid pointer in the modbusreceive function of libmodbus v3.1.6 allows attackers to cause a Denial of Service DoS via a crafted message sent to the unit-test-server...

CVE-2024-36845

An invalid pointer in the modbusreceive function of libmodbus v3.1.6 allows attackers to cause a Denial of Service DoS via a crafted message sent to the unit-test-server...

UBUNTU-CVE-2024-36845

An invalid pointer in the modbusreceive function of libmodbus v3.1.6 allows attackers to cause a Denial of Service DoS via a crafted message sent to the unit-test-server...

CVE-2024-36845

An invalid pointer in the modbusreceive function of libmodbus v3.1.6 allows attackers to cause a Denial of Service DoS via a crafted message sent to the unit-test-server...

CVE-2024-36845

An invalid pointer in the modbusreceive function of libmodbus v3.1.6 allows attackers to cause a Denial of Service DoS via a crafted message sent to the unit-test-server...

PT-2024-27179 · Libmodbus +2 · Libmodbus +2

Name of the Vulnerable Software and Affected Versions: libmodbus version 3.1.6 Description: The issue is related to an invalid pointer in the modbus receive function, which allows attackers to cause a Denial of Service DoS via a crafted message sent to the unit-test-server. Recommendations: For...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an object overflow that results in an invalid pointer value...

CVE-2023-52852

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to avoid use-after-free on dic Call trace: memcpy+0x128/0x250 f2fsreadmultipages+0x940/0xf7c f2fsmpagereadpages+0x5a8/0x624 f2fsreadahead+0x5c/0x110 pagecacheraunbounded+0x1b8/0x590...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the JFSIP function returning an invalid pointer when ipimap is null...

FreeBSD : qt6-base (core module) -- Invalid pointer in QStringConverter (e79cc4e2-12d7-11ef-83d8-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e79cc4e2-12d7-11ef-83d8-4ccc6adda413 advisory. - Andy Shaw reports: QStringConverter has an invalid pointer being passed as a callback which can allow...

qt6-base (core module) -- Invalid pointer in QStringConverter

Andy Shaw reports: QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable. This requires: the attacker be...