13310 matches found
SUSE: Security Advisory (SUSE-SU-2025:0344-1)
The remote host is missing an update for the...
SUSE-SU-2025:0344-1 Security update for orc
This update for orc fixes the following issues: - CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files (bsc#1228184)...
CVE-2025-25066
nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c...
CVE-2024-53296
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2024-53296
CVE-2024-53296 affects Dell PowerProtect DD (Data Domain) with a stack-based buffer overflow in the RestAPI. Public details indicate vulnerable versions include Dell PowerProtect DD prior to 7.10.1.50 and 7.13.1.20 (per NVD description), with a similar CVE entry noting earlier releases such as 7....
CVE-2024-23963
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists...
(Pwn2Own) Canon imageCLASS MF656Cdw TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of TIF files. The issue results from the lack o...
Alpine Halo9 Security Vulnerability
Alpine Halo9 is a multimedia player from Alpine. A security vulnerability exists in Alpine Halo9 that stems from a failure to properly validate the length of user-supplied data before copying it to a stack-based buffer. An attacker exploiting this vulnerability could execute code in a rooted...
CVE-2024-23963
CVE-2024-23963 concerns Alpine Halo9 devices. The flaw is in the PBAP_DecodeVCARD function where insufficient validation of user-supplied data length before copying to a stack-based buffer allows a network-adjacent attacker who can pair a malicious Bluetooth device to execute code with root privi...
CVE-2024-23968 ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue...
CVE-2024-23973
CVE-2024-23973 affects Silicon Labs Gecko OS. The vulnerability stems from improper validation of the length of user-supplied data during HTTP GET handling, leading to a stack-based buffer overflow. This flaw enables network-adjacent attackers to execute arbitrary code in the device’s context wit...
CVE-2024-11609
AutomationDirect C‑More EA9/EAP9 contains a stack-based buffer overflow in the EAP9 file parsing due to insufficient validation of user-supplied data length. This allows remote code execution in the affected EA9 installations, with user interaction required (target must visit a malicious page or ...
CVE-2025-0848 Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow
A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow...
CVE-2025-0840 GNU Binutils objdump.c disassemble_bytes stack-based overflow
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...
CVE-2025-0840
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-7254]
Summary The Google Protocol Buffers package is used by IBM App Connect Enterprise Certified Container for processing DFDL message definitions. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime that use the DFDL parser are vulnerable to denial of service. This...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254).
Summary IBM App Connect Enterprise and IBM App Connect Enterprise Toolkit are vulnerable to a denial of service due to Google Protocol Buffers CVE-2024-7254. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google...
Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-7254).
Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-7254. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers...