
4219 matches found

RedHat Linux
added 2024/04/30 4:54 p.m. | 64 views

Moderate: Red Hat Security Advisory: rh-mysql80-mysql security update

An update for rh-mysql80-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.4 AI score | 0.01782 EPSS
Exploits: 0 | References: 87

RedHat Linux
added 2024/04/30 4:54 p.m. | 7 views

zstd: mysql: buffer overrun in util.c

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...

7.5 CVSS | 7.5 AI score | 0.01588 EPSS
Exploits: 0 | References: 4

BDU FSTEC
added 2024/04/30 12:0 a.m. | 5 views

The vulnerability of the Adobe Media Encoder application, related to the execution of operations beyond buffer boundaries in memory, allows an attacker to execute arbitrary code.

The vulnerability of the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

7.8 CVSS | 6.4 AI score | 0.00612 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2024/04/30 12:0 a.m. | 86 views

RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

7.5 CVSS | 6.6 AI score | 0.01782 EPSS
Exploits: 0 | References: 175

BDU FSTEC
added 2024/04/26 12:0 a.m. | 7 views

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page or file...

10 CVSS | 7.3 AI score | 0.01228 EPSS
Exploits: 1 | References: 17 | Affected Software: 7

Zero Day Initiative
added 2024/04/23 12:0 a.m. | 11 views

Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 1777 by default. The issue...

4.3 CVSS | 4.5 AI score | 0.01366 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2024/04/19 12:0 a.m. | 5 views

The vulnerability of the ProcXIPassiveGrabDevice() function in the X Window System Xorg-server allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ProcXIPassiveGrabDevice function in the X Window System Xorg-server lies in the possibility of data being written outside of the buffer. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and even cause service...

7.3 CVSS | 7.2 AI score | 0.00513 EPSS
Exploits: 0 | References: 13 | Affected Software: 9

BDU FSTEC
added 2024/04/18 12:0 a.m. | 3 views

The vulnerability in the implementation of the Secure Boot protocol for operating systems with security features allows a perpetrator to circumvent security restrictions.

The vulnerability of the Secure Boot protocol for loading operating systems on Windows is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to circumvent security restrictions...

7.2 CVSS | 8.1 AI score | 0.0095 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2024/04/18 12:0 a.m. | 3 views

The vulnerability of the Daemon Routing Protocols (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows an attacker to cause service interruptions.

The vulnerability of the Daemon Routing Protocols (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to the occurrence of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8 CVSS | 5.7 AI score | 0.00664 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

OSV
added 2024/04/17 6:15 p.m. | 8 views

DEBIAN-CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

7.3 CVSS | 7 AI score | 0.8833 EPSS
Exploits: 16 | References: 1

BDU FSTEC
added 2024/04/16 12:0 a.m. | 5 views

The vulnerability of the libarchive library for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the libarchive library for Windows operating systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8 CVSS | 7.3 AI score | 0.87784 EPSS
Exploits: 0 | References: 9 | Affected Software: 2

BDU FSTEC
added 2024/04/09 12:0 a.m. | 8 views

The vulnerability of embedded Qualcomm microprogramming software, related to the lack of a data type conversion mechanism, allows attackers to execute arbitrary code.

The vulnerability of embedded software developed for Qualcomm chips lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4 CVSS | 7.9 AI score | 0.00107 EPSS
Exploits: 0 | References: 4

SUSE CVE
added 2024/04/05 2:21 a.m. | 6 views

SUSE CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

5.5 CVSS | 6.6 AI score | 0.0023 EPSS
Exploits: 0 | References: 13

RedhatCVE
added 2024/04/02 11:40 p.m. | 26 views

CVE-2024-26659

A flaw was found in the Linux kernel related to the Extensible Host Controller Interface (xHCI) subsystem, specifically how it handles certain events. The issue arises when the xHCI driver improperly handles isochronous (isoc) Babble and Buffer Overrun events. The vulnerability occurs because the xHC...

4.1 CVSS | 7.3 AI score | 0.0023 EPSS
Exploits: 0 | References: 4

NVD
added 2024/04/02 7:15 a.m. | 16 views

CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

5.5 CVSS | 7.5 AI score | 0.0023 EPSS
Exploits: 0 | References: 8

OSV
added 2024/04/02 7:15 a.m. | 2 views

DEBIAN-CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

5.5 CVSS | 5.8 AI score | 0.0023 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/02 7:15 a.m. | 0 views

UBUNTU-CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

5.5 CVSS | 6.2 AI score | 0.0023 EPSS
Exploits: 0 | References: 24

Vulnrichment
added 2024/04/02 6:22 a.m. | 23 views

CVE-2024-26659 xhci: handle isoc Babble and Buffer Overrun events properly

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

7 AI score | 0.0023 EPSS
Exploits: 0 | References: 6

CVE
added 2024/04/02 6:22 a.m. | 167 views

CVE-2024-26659

The CVE-2024-26659 issue concerns the Linux kernel xHCI isochronous transfer handling. Affected component: xHCI driver handling isoc Transaction/ Babble errors in multi-TRB TDs. Root cause: the driver may release a TD after an early error, freeing or overwriting remaining TRBs, which obscures the...

5.5 CVSS | 6.5 AI score | 0.0023 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

Debian CVE
added 2024/04/02 6:22 a.m. | 37 views

CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

5.5 CVSS | 6.9 AI score | 0.0023 EPSS
Exploits: 0