3796 matches found
The vulnerability of the Adobe Photoshop graphic editor arises from the possibility of an operation exceeding the buffer boundaries in memory. This allows a malicious actor to gain unauthorized access to protected information and circumvent the ASLR protection mechanism.
The vulnerability of the Adobe Photoshop graphic editor is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and bypass the ASLR protection mechanism...
UBUNTU-CVE-2024-3708
A condition exists in lighttpd versions prior to 1.4.51 whereby a remote attacker can craft an HTTP request which could result in multiple outcomes: 1. cause lighttpd to access freed memory, in which case the process lighttpd is running in could be terminated or other non-deterministic behavior cou...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in the possibility of an operation going beyond the buffer in memory. This allows attackers to gain unauthorized access to protected information and circumvent the ASLR protection mechanism.
The vulnerability of the Adobe Animate program for creating multimedia and computer animations is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and bypass the...
The vulnerability of Adobe InDesign’s computer font automation tool, related to memory-walking, allows attackers to gain unauthorized access to protected information and circumvent the ASLR protection mechanism.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to memory-walking attacks. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and bypass security mechanisms like ASLR...
ALSA-2024:2980 Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
The vulnerability of the lighttpd web server arises from the execution of operations beyond the buffer in memory, allowing an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected information.
The vulnerability of the lighttpd web server arises from the issue of operations going beyond the buffer in memory when comparing values of the If-Modified-Since header fields. Exploiting this vulnerability allows a remote attacker to bypass the ASLR protection mechanism and gain unauthorized...
The vulnerability of the Linux operating system’s Network File System kernel allows a hacker to cause a service failure.
The vulnerability of the Linux operating system’s Network File System kernel lies in the lack of protection against unauthorized data processing during the execution of the GETDEVICEINFO and LAYOUTGET operations in UDP packets. Exploiting this vulnerability can allow an attacker to cause service...
CVE-2024-34101
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
CVE-2024-30312
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
CVE-2024-30311
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
CVE-2024-3189
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
CVE-2024-3189 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
CVE-2024-3189
CVE-2024-3189 affects Gutenberg Blocks by Kadence Blocks – Page Builder Features for WordPress. All versions ≤ 3.2.37 are vulnerable to Stored XSS via the plugin blocks (Testimonial, Progress Bar, Lottie Animations, Row Layout, Google Maps, Advanced Gallery) due to insufficient input sanitization...
WordPress plugin Gutenberg Blocks by Kadence Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
PT-2024-40414 · Adobe · Magento Open Source +1
Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 1.9.0.0 through 1.14.3.9; Magento Open Source versions 1.5.0.0 through 1.9.3.9. Description: The issue concerns various security vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site...
CVE-2024-4277
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
AZL-40699 CVE-2024-33875 affecting package hdf5 for versions less than 1.14.4-1
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer...
DEBIAN-CVE-2024-33875
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer...
AZL-40580 CVE-2024-33875 affecting package hdf5 for versions less than 1.14.4.3-1
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer...