CVE-2024-41038 firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

PT-2024-37880 · Irfanview · Irfanview

Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...

PT-2024-37886 · Irfan Skiljan · Irfanview

Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this, where the target must visit a malicious...

The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in the ability to write code beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a hacker to remotely execute arbitrary code using a specially crafted file...

The vulnerability of the WSQ Plugin for IrfanView, a program for viewing and playing graphic, video, and audio files, arises from the operation of the function that allows data to be written beyond the buffer in memory. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the WSQ Plugin for IrfanView, a program for viewing and playing graphic, video, and audio files, is related to the occurrence of operations outside the buffer in memory during the processing of WSQ format files. Exploiting this vulnerability can allow an attacker to execute...

The vulnerability of the AsInsHelp64.sys driver, part of the DeviceIoControl utility in ASUS’ ASUS Fan Xpert computer and laptop fan control software, allows a hacker to execute arbitrary code, increase their privileges, or disclose sensitive information.

The vulnerability of the AsInsHelp64.sys driver, which is part of the DeviceIoControl utility in the ASUS ASUS Fan Xpert speed control software, relates to operations that go beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code, gain...

tpm2-tss: Buffer Overlow in TSS2_RC_Decode

A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Stack TSS2. In affected versions, Tss2RCSetHandler and Tss2RCDecode index into the layerhandler with an 8-bit layer number, but the array only ha...

The vulnerability of the microprogramming software for AutomationDirect P3-550E lies in the possibility of writing beyond the buffer boundaries in memory, allowing a intruder to cause malfunctions during maintenance.

The vulnerability of the microprogrammed software in AutomationDirect P3-550E controllers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause malfunctions in the system remotely...

The vulnerability of the User Mode Driver for DirectX 11 in AMD Radeon microcomputer graphics software allows a hacker to execute arbitrary code.

The vulnerability of the User Mode Driver for DirectX 11 in AMD Radeon graphics processors is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the pre-processing processor Simcenter Femap, related to writing beyond buffer boundaries, allows a hacker to execute arbitrary code.

The vulnerability of the pre-processing processor Simcenter Femap is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a attacker to execute arbitrary code using a specially created IGS format malicious file...

The vulnerability of the Remote Desktop Licensing Service for Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Remote Desktop Licensing Service for Windows operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the JT Open Toolkit (JTTK) and PLM XML SDK development tools arises from the possibility of an operation exceeding the buffer boundaries in memory, allowing a hacker to execute arbitrary code.

The vulnerability of the JT Open Toolkit JTTK and PLM XML SDK development tools is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious XML file...

The vulnerability of the ImageIO component in operating systems iPadOS, iOS, and macOS allows a hacker to execute arbitrary code.

The vulnerability of the ImageIO component in operating systems such as iPadOS, iOS, macOS, and visionOS is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows attackers to circumvent existing security restrictions.

The vulnerability of the Secure Boot protocol for Windows operating systems lies in the fact that operations may go beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside the buffer in memory. This allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions using the tag...

Vulnerability of QTS and QuTS operating systems, as well as QNAP network devices, related to the operation of operations beyond the buffer in memory, allowing attackers to execute arbitrary code.

The vulnerability of QTS and QuTS operating systems, as well as QNAP network devices, is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code using specially created PAR files...

The vulnerability of the microprogramming software of the Nighthawk WiFi 6 Router (RAX30) allows a hacker to execute arbitrary code.

The vulnerability of the finddil function in the microprogramming software for Nighthawk WiFi 6 Routers RAX30 is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...

The vulnerability of the IOAESAccelerator component in the UDF file system of the Mac OS allows a hacker to increase their privileges.

The vulnerability of the IOAESAccelerator component in the UDF file system of the Mac OS operating system is related to operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...

PT-2024-4397 · Moxa · Oncell G3470A-Lte Series

Name of the Vulnerable Software and Affected Versions: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior Description: The issue is related to missing bounds checking on buffer operations, which could allow an attacker to write past the boundaries of allocated buffer regions in memory,...