ROS-20240916-10

A vulnerability in the ncwrapentry component of the library for controlling I/O to the terminal ncurses, is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity, and availabili...

The vulnerability of the decode_status_report() function in the OFono mobile communication interface, related to the issue of operations going beyond the buffer in memory, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the decodestatusreport function in the OFono mobile communication interface is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to access confidential data, compromise its integrity, and cause...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond buffer boundaries in memory, allows attackers to bypass the ASLR protection mechanism and gain unauthorized access to protected information.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected informati...

ROS-20240911-09

Vulnerability of the pkgconftupleparse function libpkgconf/tuple.c of the software tool for setting flags for pkgconf development libraries is related to a buffer overrun. compiler and linker flags for pkgconf development libraries is related to the operation exceeding the buffer boundaries. in...

The vulnerability in Microsoft Edge’s Chromium-based browser occurs due to the execution of operations beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Edge based on Chromium is related to the issue of operations going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Fedora: Security Advisory (FEDORA-2024-430678b035)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-a84c59eedc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2024-2092 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

OESA-2024-2095 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

ROS-20240906-02

Vulnerability of the kmemcachedestroy function of the lib/listdebug.c library of the Linux kernel is related to a buffer overrun. is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Fedora 40 : lua-mpack (2024-430678b035)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-430678b035 advisory. Fix buffer overrun when giving an offset to Session:receive Tenable has extracted the preceding description block directly from the Fedora security advisory...

The vulnerability of the tsc2046 component in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the tsc2046 component in the Linux operating system is related to writing beyond the allowed write limits. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the NTLMSSP discriver, an analyzer of computer network traffic by Wireshark, allows a hacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the NTLMSSP discriminator and the Wireshark traffic analyzer involves an issue where an operation is executed outside the buffer in memory, as a result of a pointer being reassigned when its validity period has expired. Exploiting this vulnerability allows a remote attacker t...

CBL Mariner 2.0 Security Update: openssl (CVE-2021-3712)

The version of openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3712 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer...

kernel: crypto: bcm - Fix pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen instead of hashivlen which could lead to going beyond the buffer boundaries. Fix this bug by changing ciphkeylen to hashivlen. Found by...

The vulnerability of the Windows RRAS operating system’s routing and remote access services allows attackers to disclose sensitive information.

The vulnerability of the Windows RRAS operating system’s routing and remote access service is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

CVE-2024-6812

IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...

The vulnerability of the NTFS file system in Windows operating systems allows attackers to increase their privileges.

The vulnerability of the NTFS file system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Security Center Broker component of the Windows operating system, which allows a perpetrator to disclose protected information

The vulnerability of the Security Center Broker component of the Windows operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...

The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.

The vulnerability of the Windows Hyper-V hardware virtualization system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...