
788 matches found

Talos
added 2024/04/10 12:0 a.m., 30 views

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability

Talos Vulnerability Report TALOS-2023-1847: AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability. April 10, 2024. CVE Number: CVE-2024-21979. Summary: An arbitrary write vulnerability exists in the Shader Functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...

CVSS 5.3 | AI score 5.8 | EPSS 0.00187
Exploits: 0
OSV
added 2024/04/06 3:15 p.m., 1 views

DEBIAN-CVE-2024-3159

Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.7 | EPSS 0.01599
Exploits: 0 | References: 1
Veracode
added 2024/04/02 6:40 p.m., 23 views

Arbitrary Write

gtkwave is vulnerable to Arbitrary Write. These vulnerabilities can be exploited via a specially crafted .vcd file; a victim would need to open the malicious file, potentially leading to arbitrary code execution...

CVSS 7.8 | AI score 7.2 | EPSS 0.00432
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2024/04/02 6:40 p.m., 26 views

Arbitrary Write

gtkwave is vulnerable to Arbitrary Write. These vulnerabilities can be exploited via a specially crafted .vcd file; a victim would need to open the malicious file, potentially leading to arbitrary code execution...

CVSS 7.8 | AI score 7.2 | EPSS 0.00432
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2024/04/02 6:39 p.m., 26 views

Arbitrary Write

gtkwave is vulnerable to Arbitrary Write. These vulnerabilities can be exploited via a specially crafted .vcd file; a victim would need to open the malicious file, potentially leading to arbitrary code execution...

CVSS 7.8 | AI score 7.2 | EPSS 0.00432
Exploits: 1 | References: 3 | Affected Software: 1
BDU FSTEC
added 2024/03/25 12:0 a.m., 4 views

The vulnerability of software for storing images in OpenEXR format, which has a wide dynamic range of brightness levels, arises due to buffer overflows in dynamic memory. This allows attackers to read or write arbitrary data.

The vulnerability of software for storing images in the OpenEXR format with a wide dynamic range of brightness levels arises due to buffer overflows in the dynamic memory. Exploiting this vulnerability allows an attacker to read or write arbitrary data remotely...

CVSS 9.4 | AI score 8.1 | EPSS 0.01248
Exploits: 1 | References: 8 | Affected Software: 4
RedHat Linux
added 2024/03/12 11:48 a.m., 1 views

kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially...

CVSS 7.8 | AI score 6.9 | EPSS 0.00898
Exploits: 0 | References: 5
Tenable Nessus
added 2024/03/07 12:0 a.m., 60 views

Oracle Linux 9 : kernel (ELSA-2024-0461)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0461 advisory. - nfp: fix use-after-free in area_cache_get Ricardo Robaina RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241 CVE-2022-3545 - fbcon: set_con2fb_map needs to set...

CVSS 8.8 | AI score 7 | EPSS 0.09141
Exploits: 4 | References: 18
OSV
added 2024/03/06 11:15 a.m., 16 views

BIT-TENSORFLOW-2022-23561 Out of bounds write in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

CVSS 8.8 | AI score 8.6 | EPSS 0.00531
Exploits: 0 | References: 3
Cvelist
added 2024/02/08 7:20 p.m., 19 views

CVE-2024-1329 Nomad Vulnerable to Arbitrary Write Through Symlink Attack

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

CVSS 7.7 | AI score 7.7 | EPSS 0.00617
Exploits: 0 | References: 1
Vulnrichment
added 2024/02/08 7:20 p.m., 16 views

CVE-2024-1329 Nomad Vulnerable to Arbitrary Write Through Symlink Attack

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

CVSS 7.7 | AI score 7.4 | EPSS 0.00617
Exploits: 0 | References: 1
CNNVD
added 2024/02/08 12:0 a.m., 3 views

HashiCorp Nomad and HashiCorp Nomad Enterprise Security Vulnerabilities

HashiCorp Nomad and HashiCorp Nomad Enterprise are both products of HashiCorp, Inc. HashiCorp Nomad is a simple and flexible scheduler and orchestrator for managing containerized and non-containerized applications at scale, both...

CVSS 7.7 | AI score 7 | EPSS 0.00617
Exploits: 0 | References: 2
Github Security Blog
added 2024/01/29 10:30 p.m., 46 views

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature

Summary: The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...

CVSS 9.8 | AI score 9.8 | EPSS 0.00699
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2024/01/29 4:15 p.m., 14 views

CVE-2024-23827

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

CVSS 9.8 | AI score 9.8 | EPSS 0.00699
Exploits: 0 | References: 1
Prion
added 2024/01/29 4:15 p.m., 23 views

Remote code execution

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

CVSS 7.5 | AI score 8.1 | EPSS 0.00699
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/01/29 4:7 p.m., 36 views

CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

CVSS 9.8 | AI score 9.5 | EPSS 0.00699
Exploits: 0 | References: 3
GitLab Advisory Database
added 2024/01/29 12:0 a.m., 24 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

CVSS 9.8 | AI score 8.1 | EPSS 0.00699
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2024/01/25 4:15 p.m., 0 views

UBUNTU-CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

CVSS 8.5 | AI score 7.3 | EPSS 0.01016
Exploits: 2 | References: 6
CNVD
added 2024/01/11 12:0 a.m., 9 views

GTKWave Arbitrary Write Vulnerability (CNVD-2024-04851)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An arbitrary write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vcd files...

CVSS 7.8 | AI score 7.4 | EPSS 0.00432
Exploits: 1 | References: 1
CNVD
added 2024/01/11 12:0 a.m., 8 views

GTKWave Arbitrary Write Vulnerability

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An arbitrary write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vcd files...

CVSS 7.8 | AI score 7.4 | EPSS 0.00432
Exploits: 1 | References: 1