CVE-2024-47777

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...

CVE-2024-47598

GStreamer core vulnerability CVE-2024-47598: an OOB-read in qtdemux_merge_sample_table (qtdemux.c) occurs because the stts buffer size isn’t properly checked before reading stts_duration, allowing reads beyond stts->data. This reads up to 4 bytes past allocated bounds. Impact is memory read be...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that arises from the HLOS module containing an improperly restricted operation within a memory buffer...

The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows attackers to circumvent existing security restrictions.

The vulnerability of the Secure Boot protocol for Windows operating systems lies in the fact that operations are performed outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

The vulnerability of the microprogramming software in SIP phones of the Mitel series 6800, 6900, 6970, and 6900w allows a intruder to execute arbitrary commands.

The vulnerability of the microprogramming software of Mitel telephones of models 6800, 6900, 6970, and 6900w lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending...

PT-2024-11217 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when a user attempts to submit a bulk transfer through usbfs with a buffer that is excessively large, generating a WARNing. This is not a bug in the kernel but rather ...

CVE-2023-52501 ring-buffer: Do not attempt to read past "commit"

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed th...

UBUNTU-CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

Important: redis6

Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...

The vulnerability of the MMU_UnmapPages() function in the PowerVR GPU driver for Android and ChromeOS allows a hacker to execute arbitrary code and gain elevated privileges.

The vulnerability of the MMUUnmapPages function in the PowerVR GPU driver for Android and ChromeOS systems is related to the execution of operations outside of memory buffers. Exploiting this vulnerability can allow attackers to gain increased privileges...

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing f...

Important: kernel-livepatch-4.14.322-246.539

Issue Overview: An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 Affected Packages: kernel-livepatch-4.14.322-246.539 Issue Correction: Please...

PT-2023-26516 · Intel · Intel Unison

Name of the Vulnerable Software and Affected Versions: Intel Unison affected versions not specified Description: The issue allows an authenticated user to potentially enable escalation of privilege via local access due to access of memory location after end of buffer. Recommendations: At the...

PT-2023-12966 · Intel · Intel Server Boards

Name of the Vulnerable Software and Affected Versions: IntelR Server Board BIOS firmware affected versions not specified Description: The issue is related to improper buffer restrictions in the BIOS firmware, which may allow a privileged user to potentially enable escalation of privilege via loca...

PT-2025-18871 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.4-cloudflare-kasan-2023.1.2 Description: A use-after-free issue has been identified in the Linux kernel, specifically in the veth module. This issue arises when the pskb expand head function is used to expan...

CVE-2023-42506

The CVE-2023-42506 issue affects OnSinView2, specifically versions 2.0.1 and earlier. The root cause is an improper restriction of operations within the bounds of a memory buffer (CWE-119), leading to potential information disclosure or arbitrary code execution when a user opens a specially craft...

The vulnerability of the DDP microprogramming software-based wireless access points from D-Link, model DAP-2622, allows a intruder to execute any arbitrary code.

The vulnerability of the DDP microprogramming software used in D-Link DAP-2622 wireless access points lies in the fact that the execution of commands is carried out outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

The vulnerability of the DDP microprogramming software-based wireless access points from D-Link, model DAP-2622, allows a intruder to execute any arbitrary code.

The vulnerability of the DDP microprogramming software used in D-Link DAP-2622 wireless access points lies in the fact that the execution of commands is carried out outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVE-2023-28581 Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Firmware

Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE...