53 matches found
CVE-2011-10021
Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler SEH. By crafting a...
CVE-2011-10021
Magix Musik Maker 16 is affected by a stack-based buffer overflow when processing .mmm files due to an unsafe strcpy() that fails to validate input length, allowing an attacker to overwrite the Structured Exception Handler (SEH). Exploitation is triggered by opening a crafted .mmm file and can le...
CVE-2025-0289 CVE-2025-0289
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service...
Amazon Corretto Java 17.x < 17.0.14.7.1 Vulnerability
The version of Amazon Corretto installed on the remote host is 17 prior to 17.0.14.7.1. It is, therefore, affected by a vulnerability as referenced in the corretto-17-2025-Jan-21 advisory. - hotspot/compiler CVE-2025-21502 Note that Nessus has not tested for this issue but has instead relied only...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4173-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4173-1 advisory. This update ships postgresql17 , and fixes security issues with postgresql16: - bsc1230423: Rela...
Security update for postgresql, postgresql16, postgresql17
This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17 , and fixes security issues with postgresql16: bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirme...
CVE-2024-7404 Improper Restriction of Rendered UI Layers or Frames in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow...
CVE-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...
PT-2023-9571
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 Oracle GraalVM for JDK versions 17.0.12, 21.0.4, 23 Oracle GraalVM Enterprise Edition versions 20.3.15, 21.3.11 Description The issue is related to the Serialization...
Azure File Sync Agent v17.0 Release – December 2023 (KB5023053)
Update for Azure File Sync agent version 17.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Apple Safari Security Update (HT213941)
Apple Safari is multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...
SUSE CVE-2011-3038
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling...
DSA-5335-1 openjdk-17 - security update
Bulletin has no description...
Oracle OpenJDK Unspecified Vulnerability (Jul 2022)
Oracle OpenJDK is prone to an unspecified vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Trend Micro Security 缓冲区错误漏洞
Trend Micro Security Consumer is an antivirus software from Trend Micro. A buffer error vulnerability exists in Trend Micro Security Consumer versions 17 through 17.7.1130 that originates from a boundary condition. A local attacker could exploit the vulnerability to access potentially sensitive...
Amazon Corretto Java 17.x < 17.0.3.6.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17 17.0.3.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2022-Apr-17 advisory. - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has...
Mitsubishi Electric MELSEC iQ-R Series C Controller Module Uncontrolled Resource Consumption (CVE-2021-20600)
Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service DoS condition by sending a large number of packets in a short time while the module starting up. System reset is required for...
Oracle Java SE Security Update (oct2021) 02 - Windows
Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Digium Asterisk Security Vulnerability
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. A security vulnerability exists in Digium Asterisk. The vulnerability stems from allowing a...
CVE-2019-14818
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file...