6554 matches found
CBL Mariner 2.0 Security Update: kernel (CVE-2024-53061)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53061 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflow...
ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service Vulnerabilities
ABB Cylon Aspect version 3.08.00 suffers from a vulnerability in the fileSystemUpdate.php endpoint of the ABB BEMS controller due to improper handling of uploaded files. The endpoint lacks restrictions on file size and type, allowing attackers to upload excessively large or malicious files. This...
ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service
ABB Cylon Aspect 3.08.00 fileSystemUpdate.php Insecure File Upload Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management...
[SECURITY] [DLA 3978-1] editorconfig-core security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3978-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz November 30, 2024 https://wiki.debian.org/LTS -...
ABB Cylon Aspect 3.08.00 (fileSystemUpdate.php) Insecure File Upload
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description A vulnerability exists in the fileSystemUpdate.php endpoint of the AB...
CVE-2024-53849
The CVE-2024-53849 issue affects editorconfig-core-c (EditorConfig core library in C) where multiple escaped characters in input patterns can trigger stack/pointer overflows in the '[' handling during parsing. The root cause is that added backslashes reduce available space in nested-bracket outpu...
CVE-2024-53849 Several stack buffer overflows and pointer overflows in editorconfig-core-c
editorconfig-core-c is theEditorConfig core library written in C for use by plugins supporting EditorConfig parsing. In affected versions several overflows may occur in switch case '' when the input pattern contains many escaped characters. The added backslashes leave too little space in the outp...
CVE-2024-53849 Several stack buffer overflows and pointer overflows in editorconfig-core-c
editorconfig-core-c is theEditorConfig core library written in C for use by plugins supporting EditorConfig parsing. In affected versions several overflows may occur in switch case '' when the input pattern contains many escaped characters. The added backslashes leave too little space in the outp...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2024-53061
In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word ...
CVE-2024-53061
In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word ...
CVE-2024-53061 media: s5p-jpeg: prevent buffer overflows
In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word ...
CVE-2024-53061
CVE-2024-53061 affects the Linux kernel media: s5p-jpeg path, where the current logic allowed a word to be less than 2, risking buffer overflows. The fix adds extra checks to prevent small-word underflow and buffer overflows, as reported by the patch notes. Additionally, an unused assignment (wor...