110 matches found
CVE-2024-39393
Adobe InDesign Desktop (ID19.4, ID18.5.2 and earlier) is affected by CVE-2024-39393 due to an out-of-bounds read while parsing crafted files, potentially allowing code execution in the caller’s context. Exploitation requires user interaction (victim opens a malicious file). Affected versions are ...
SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2024:2896-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2896-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were...
CVE-2024-34122
CVE-2024-34122 affects Acrobat for Edge (Edge Chromium-based) up to version 126.0.2592.68, with an out-of-bounds read when parsing a crafted file that could allow code execution under the user’s context after user interaction. The issue is confirmed across multiple sources; a remediation exists a...
CVE-2024-34122 T5 Acrobat Vulnerability - Exploitable crash in DecodeTile
Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the...
CVE-2024-20753
Adobe Photoshop Desktop (Windows/macOS) is affected by CVE-2024-20753, an out-of-bounds read in PDF/file parsing that could allow code execution in the context of the current user. Affected versions include 24.7.3, 25.7 and earlier; exploitation requires the user to open a crafted file. Several c...
CVE-2024-36010 igb: Fix string truncation warnings in igb_set_fw_version
In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation warnings in igbsetfwversion Commit 1978d3ead82c "intel: fix string truncation warnings" fixes '-Wformat-truncation=' warnings in igbmain.c by using kasprintf...
CVE-2024-35940
A vulnerability was found in the Linux kernel's pstore/zone subsystem, specifically in the pszkmsgread function. The issue occurs because kasprintf can return a NULL pointer if memory allocation fails, but there was no check for this in the affected code. Mitigation Mitigation for this issue is...
CVE-2023-52686
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opaleventinit kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...
CVE-2023-52690 powerpc/powernv: Add a null pointer check to scom_debug_init_one()
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scomdebuginitone kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to avoid memory leaks...
CVE-2023-52686 powerpc/powernv: Add a null pointer check in opal_event_init()
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opaleventinit kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...
CVE-2023-52686 powerpc/powernv: Add a null pointer check in opal_event_init()
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opaleventinit kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...
CVE-2023-52675 powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in updateeventsingroup kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...
CVE-2024-20791 Illustrator 2024 BMP File Parsing Memory Corruption
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2022-48650
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qlt24xxhandleabts Commit 8f394da36a36 "scsi: qla2xxx: Drop TARGETSCFLOOKUPLUNFROMTAG" made the qlt24xxhandleabts function return early if tcmqla2xxxfindcmdbytag didn't find a command, but it miss...
CVE-2024-26908
REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: x86/xen: Add some null pointer checking to smp.c The Linux kernel CVE team has assigned CVE-2024-26908 to this issue...
CVE-2024-26908
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-26908
CVE-2024-26908 is a Linux kernel issue where the advisory notes adding null pointer checks in kernel/x86/smp.c (x86/xen path). Connected advisories (RHSA-2024:6992, RHSA-2024:5992/5928 equivalents, ELSA-2024-5928) indicate affected kernel builds in Red Hat, Oracle Linux, and related distributions...
Adobe Animate Buffer Overflow Vulnerability (CNVD-2024-19000)
Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads when parsing carefully crafted files, which may read beyond the end of an...
CVE-2023-52607 powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtablecacheadd kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity...
CVE-2023-52467
A vulnerability was found in the Linux kernel, where A NULL pointer dereference flaw may occur in sysconregister. In this issue, kasprintf returns a pointer to dynamically allocated memory, which can be NULL upon failure...