796 matches found
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2024-2772)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.12.1 : libtiff (EulerOS-SA-2024-2754)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processi...
EulerOS Virtualization 2.12.0 : libtiff (EulerOS-SA-2024-2772)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processi...
Vulnerability in the Substance 3D Stager software caused by a buffer overflow in dynamic memory, allowing an attacker to execute arbitrary code
The vulnerability in the Substance 3D Stager software is caused by a buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user using a specially crafted file...
OSV-2024-1205 Memcpy-param-overlap in repeat
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372515088 Crash type: Memcpy-param-overlap Crash state: repeat repeat pere...
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2024-2509)
The remote host is missing an update for the Huawei EulerOS...
PT-2024-6920 · Microsoft · Windows Shell +1
Name of the Vulnerable Software and Affected Versions: Windows Shell (affected versions not specified). Description: The issue is related to a use-after-free memory vulnerability in the Windows Shell. This vulnerability can be exploited by remote attackers to execute arbitrary code on the system,...
PT-2024-6789 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to a denial-of-service vulnerability in the Network Address Translation (NAT) technology of Windows operating systems. It is caused by a buffer overflow in memory, which...
PT-2024-8851
Name of the Vulnerable Software and Affected Versions: libjxl libjxl-devel-0.11.1-1.1 libmozjs-115-0-115.15.0-4.1 libmozjs-128-0-128.5.1-3.1 jpeg-xl (affected versions not specified). Description: A stack buffer overflow exists in the libjxl library's JPEG XL decoder. A specially crafted file can caus...
ROS-20240924-05
The vulnerability in the Firefox ESR and Firefox web browsers and the Thunderbird email client is related to writing beyond the buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in Thunderbird email client and Firefox,...
PT-2024-29103 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.7; macOS versions prior to 15. Description: The issue was addressed with improved memory handling. Processing a maliciously crafted video file may lead to unexpected app termination. Recommendations: For macOS version...
Use-after-free vulnerability in the FontFace component of the Firefox web browser, allowing an attacker to cause a denial of service
The vulnerability in the FontFace component of the Firefox web browser is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a denial of service...
Unspecified vulnerability in Linux kernel (CNVD-2024-39468)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a corrupted physical memory information segment in the s390/boot component. No details of the vulnerability...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 128.0.6613.138, which stems from a faulty memory-freeing operation in Autofill. An attacker could exploit this vulnerability to...
USN-6997-1 tiff vulnerability
It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service...
CVE-2023-7256
In affected libpcap versions, during the setup of a remote packet capture, the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes i...
ROS-20240816-13
The vulnerability in the ASN.1 parser function GTime2str of the libcurl library is related to reading outside memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2024-41727
CVE-2024-41727 affects BIG-IP TMM on BIG-IP devices (and BIG-IP VE with Intel E810 SR-IOV NIC) where undisclosed traffic can cause memory resource utilization to spike, degrading performance or causing DoS. Public details specify the vulnerable components as the Traffic Management Microkernel (TM...
DEBIAN-CVE-2024-41989
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...
CVE-2024-7541
oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...