CVE-2024-26659 xhci: handle isoc Babble and Buffer Overrun events properly

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

The software for simulation and automation of discrete events in Arena Simulation is vulnerable due to an operation that goes beyond the buffer in memory, allowing attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Arena Simulation software for modeling and automating discrete events arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability can allow a hacker to compromise the confidentiality, integrity, and accessibility of the protected...

Vulnerability of software for modeling, designing, and drawing in AutoCAD, related to the execution of operations beyond buffer boundaries in memory. This allows attackers to gain unauthorized access to protected information, execute arbitrary code, or cause system failures.

The vulnerability of the software for modeling, designing, and drawing in AutoCAD is related to the operation of writing data beyond the buffer boundaries in memory when processing an SLDPRT file with the ODXSWDLL.dll library. Exploiting this vulnerability can allow an attacker to gain unauthoriz...

The vulnerability of the Mozilla Firefox browser, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code or cause a service failure.

The vulnerability of the Mozilla Firefox browser is related to the execution of operations beyond the buffer boundaries in memory, due to incorrect checks of buffer boundaries based on a range-based approach. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause...

The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

BIT-NODE-2022-3602 X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

BIT-NODE-2022-3786 X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

zstd: mysql: buffer overrun in util.c

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...

systemd: buffer overrun in format_timespan() function

An off-by-one error flaw was found in systemd in the formattimespan function of time-util.c. This flaw allows an attacker to supply specific values for time and accuracy, leading to a buffer overrun in formattimespan, leading to a denial of service...

Moderate: Red Hat Security Advisory: systemd security update

An update for systemd is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

SUSE-SU-2024:0759-1 Security update for glibc

This update for glibc fixes the following issues: Security issues fixed: - CVE-2020-29573: x86: printf was hardened against non-normal long double values bsc1179721, BZ 26649 - CVE-2021-3326: Fix assertion failure in gconv ISO-2022-JP-3 module bsc1181505, BZ 27256 - CVE-2019-25013: Fix buffer...

RHEL 8 : systemd (RHSA-2024:1105)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1105 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...

The vulnerability of HP DesignJet printer’s microprogramming software relates to the execution of operations beyond the buffer boundaries in memory, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of HP DesignJet printer’s microprogramming software lies in the execution of operations beyond the buffer limits. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by connecting to port 9220...

RHEL 9 : mysql (RHSA-2024:1141)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1141 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

openSUSE Security Advisory (openSUSE-SU-2024:0023-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 9 : opensc-0.23.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the opensc-0.23.0-2.el9 build changelog. - buffer overrun in pkcs15init for cardos CVE-2023-2977 Note that Nessus has not tested for this issue but has instead relied only on the...

The vulnerability of the `apply_sao_internal<unsigned short>` function (sao.cc) in the h.265 Libde265 codec implementation allows a attacker to cause a service failure.

The vulnerability of the applysaointernal function sao.cc in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

The vulnerability of the put_qpel_0_0_fallback_16 function (fallback-motion.cc) in the implementation of the h.265 Libde265 video codec allows a perpetrator to trigger a service failure.

The vulnerability of the putqpel00fallback16 function in fallback-motion.cc in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to trigger a service failure using a specially created file...