Lucene search

4219 matches found

Tenable Nessus
added 2024/02/22 12:0 a.m. · 70 views

AlmaLinux 8 : mysql:8.0 (ALSA-2024:0894)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0894 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

7.5 CVSS · 6.5 AI score · 0.01782 EPSS
Exploits 0 · References 76

Positive Technologies
added 2024/02/21 12:0 a.m. · 5 views

PT-2024-1862 · Irfan Skiljan · Irfanview

Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...

7.8 CVSS · 7.4 AI score · 0.0058 EPSS
Exploits 0 · References 6

RedHat Linux
added 2024/02/20 12:40 p.m. · 59 views

Moderate: Red Hat Security Advisory: mysql:8.0 security update

An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5 CVSS · 6.4 AI score · 0.01782 EPSS
Exploits 0 · References 76

RedHat Linux
added 2024/02/20 12:40 p.m. · 3 views

zstd: mysql: buffer overrun in util.c

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...

7.5 CVSS · 7.5 AI score · 0.01588 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2024/02/20 12:0 a.m. · 214 views

RHEL 8 : mysql:8.0 (RHSA-2024:0894)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0894 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

7.5 CVSS · 6.7 AI score · 0.01782 EPSS
Exploits 0 · References 165

BDU FSTEC
added 2024/02/20 12:0 a.m. · 4 views

The vulnerability of the 3D model texturing program Adobe Substance 3D Painter, related to the execution of operations beyond the buffer boundaries in memory, allows attackers to execute arbitrary code.

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8 CVSS · 7.9 AI score · 0.00269 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/02/20 12:0 a.m. · 4 views

The vulnerability of the 3D model texturing program Adobe Substance 3D Painter, related to the occurrence of operations outside the buffer boundaries in memory, allows attackers to exploit the protected information.

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to disclose protected information...

5.5 CVSS · 6.2 AI score · 0.00227 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/02/19 12:0 a.m. · 5 views

The vulnerability of the PhysmemCreateNewDmaBufBackedPMR function in the ChromeOS operating system allows a hacker to execute arbitrary code and enhance their privileges.

The vulnerability of the PhysmemCreateNewDmaBufBackedPMR function in the ChromeOS operating system is related to writing beyond the buffer’s boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code and increase their privileges...

7.8 CVSS · 6 AI score
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/02/14 12:0 a.m. · 6 views

The vulnerability of the tiffrasterscanlinesize64() function in the LibTIFF library, which allows a hacker to cause a service failure

The vulnerability of the tiffrasterscanlinesize64 function in the LibTIFF library is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8 CVSS · 6.5 AI score · 0.01725 EPSS
Exploits 1 · References 8 · Affected Software 3

Positive Technologies
added 2024/02/13 12:0 a.m. · 3 views

PT-2024-1963 · Siemens · Simcenter Femap

Name of the Vulnerable Software and Affected Versions: Simcenter Femap versions prior to V2401.0000 Description: A vulnerability has been identified in Simcenter Femap that involves an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This...

7.8 CVSS · 8.1 AI score · 0.00318 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2024/02/13 12:0 a.m. · 5 views

The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models lies in the ability to write data beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

7.8 CVSS · 7.8 AI score · 0.00329 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/02/12 12:0 a.m. · 3 views

The vulnerability of the CAMX driver for the Chrome OS operating system allows a hacker to escalate their privileges and execute arbitrary code.

The vulnerability of the CAMX driver for the Chrome OS operating system is related to writing beyond buffer boundaries. Exploiting this vulnerability can allow an attacker to increase their privileges and execute arbitrary code...

7.8 CVSS · 6.1 AI score
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2024/02/08 12:0 a.m. · 28 views

CentOS 8 : systemd (CESA-2023:0100)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:0100 advisory. - An off-by-one Error issue was discovered in Systemd in format_timespan function of time-util.c. An attacker could supply specific values for time and accuracy...

5.5 CVSS · 7.4 AI score · 0.00422 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2024/02/07 12:0 a.m. · 3 views

The vulnerability of the soapcgi_main function in D-Link DIR-815 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the soapcgi_main function in D-Link DIR-815 router microprogramming software arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 8.3 AI score · 0.24381 EPSS
Exploits 1 · References 2 · Affected Software 1

Tenable Nessus
added 2024/02/04 12:0 a.m. · 33 views

GLSA-202402-08 : OpenSSL: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-08 OpenSSL: Multiple Vulnerabilities - OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors ar...

7.5 CVSS · 7.3 AI score · 0.76451 EPSS
Exploits 0 · References 24

BDU FSTEC
added 2024/01/30 12:0 a.m. · 5 views

The vulnerability of the formwrlSSIDset() function in the httpd daemon of the wireless access point Tenda W6 allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formwrlSSIDset function in the httpd daemon of the microprogrammed wireless access points Tenda W6 is related to the operation that goes beyond the buffer in memory when processing the index parameter. Exploiting this vulnerability could allow an attacker to compromise th...

9 CVSS · 7.5 AI score · 0.01659 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2024/01/30 12:0 a.m. · 4 views

The vulnerability of the Delta Industrial Automation DOPSoft software for designing human-machine interfaces lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Delta Industrial Automation DOPSoft software for designing human-machine interfaces lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created DPS...

10 CVSS · 7.7 AI score · 0.00986 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/01/30 12:0 a.m. · 7 views

The vulnerability of the setOpModeCfg() function in the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system, which allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the setOpModeCfg function in the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system is related to the issue of operations going beyond the buffer boundaries in memory when processing the pppoeUser parameter. Exploiting this vulnerability could allow an...

9 CVSS · 7.3 AI score · 0.0125 EPSS
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2024/01/30 12:0 a.m. · 4 views

The vulnerability of the formSetCfm() function in the httpd daemon of the wireless access points’ microprogramming software from Tenda i9, which allows an intruder to trigger a service failure.

The vulnerability of the formSetCfm function in the httpd daemon of the microprogrammed wireless access points from Tenda i9 is related to the operation that goes beyond the buffer in memory when processing the funcpara1 parameter. Exploiting this vulnerability could allow a malicious actor to...

9 CVSS · 7.5 AI score · 0.01551 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2024/01/30 12:0 a.m. · 4 views

The vulnerability in the main() function of the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability in the main function of the cstecgi.cgi script of the Totolink N200RE router software relates to the output of operations that go beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...

9 CVSS · 7.3 AI score · 0.014 EPSS
Exploits 1 · References 4 · Affected Software 1