Astra Linux – Vulnerability in Chromium

“Type Confusion in V8” in Google Chrome before version 129.0.6668.100 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...

UBUNTU-CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

The vulnerability of the at24 component in the Linux operating system’s kernel, which allows a hacker to trigger a service failure

The vulnerability of the at24 component in the Linux operating system’s kernel is related to the operation of pushing data out of the buffer into memory within the at24probe function. Exploiting this vulnerability can allow an attacker to cause a system failure...

PT-2024-10645 · Mediatek · Mediatek Audio Driver

Name of the Vulnerable Software and Affected Versions: MediaTek audio driver affected versions not specified Description: The issue is related to a missing bounds check in the mtkscoaudio debugfs, combined with weakened SELinux policies. This could allow for an arbitrary kernel memory write,...

CVE-2024-42385

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters...

CVE-2024-42385

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters...

CVE-2024-42385 Improper Neutralization of Delimiters in Mongoose Web Server library

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters...

CVE-2024-42385 Improper Neutralization of Delimiters in Mongoose Web Server library

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters...

PT-2024-29912 · Cesanta · Cesanta Mongoose Web Server

Name of the Vulnerable Software and Affected Versions: Cesanta Mongoose Web Server version 7.14 Description: The issue is related to improper neutralization of delimiters in the Cesanta Mongoose Web Server. This can cause an out-of-bound memory write if the PEM certificate contains unexpected...

SUSE CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

AZL-53561 CVE-2024-50164 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

DEBIAN-CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

UBUNTU-CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

CVE-2024-50164

The CVE-2024-50164 entry covers a Linux kernel BPF verifier regression where MEM_UNINIT was overloaded to mean both “buffer need not be initialized” and “buffer will be written to.” This allowed a BPF program to write to read-only maps (e.g., .rodata) when the buffer size was not a fixed constant...

AZL-52432 CVE-2024-50134 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbvamousepointershape with real VLA Replace the fake VLA at end of the vbvamousepointershape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: 13.31981...

PT-2024-33520 · Samsung · Galaxy S24

Name of the Vulnerable Software and Affected Versions: Galaxy S24 versions prior to Firmware update Sep-2024 Release Description: The issue is related to an out-of-bounds write in the Battery Full Capacity node, allowing local attackers to write out-of-bounds memory. System privilege is required...

KLA74684 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds memory write vulnerability in Dawn can be exploited to cause denial of...

VulnCheck KEV: CVE-2020-9870

A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code...

DEBIAN-CVE-2022-48967

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfctarget arrays While running under CONFIGFORTIFYSOURCE=y, syzkaller reported: memcpy: detected field-spanning write size 129 of single field "target-sensfres" at net/nfc/nci/ntf.c:260 size 18 This...

Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Oct-2 2024)

Microsoft Edge Chromium-Based is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...