CVE-2024-0099 CVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service...

CVE-2024-0099 CVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service...

NVIDIA Virtual GPU Manager Multiple Vulnerabilities (June 2024)

The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: - NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...

ruby security update

3.0.7-162 - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 -...

ROS-20240611-12

Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of recursion during processing of received packets. as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...

The vulnerability of the Ivanti Secure Access Client (formerly Pulse Secure Desktop Client) for corporate networks’ VPN servers in Windows operating systems stems from an operation that goes beyond the buffer in memory, allowing a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the Ivanti Secure Access Client formerly Pulse Secure Desktop Client for corporate networks’ VPN servers on Windows operating systems is related to the execution of commands outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execut...

CVE-2024-5302

Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

PT-2024-6414 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this issue, where the target...

PT-2024-4363 · Nvidia +1 · Nvidia Vgpu +1

Name of the Vulnerable Software and Affected Versions: NVIDIA vGPU software for Linux affected versions not specified Description: The issue is related to a buffer overrun vulnerability in the Virtual GPU Manager of the NVIDIA vGPU software for Linux. This vulnerability can be exploited by the...

kernel: xhci: handle isoc Babble and Buffer Overrun events properly

A flaw was found in the Linux kernel related to the Extensible Host Controller Interface xHCI subsystem, specifically how it handles certain events. The issue arises when the xHCI driver improperly handles isochronous isoc Babble and Buffer Overrun events. The vulnerability occurs because the xHC...

kernel: xhci: handle isoc Babble and Buffer Overrun events properly

A flaw was found in the Linux kernel related to the Extensible Host Controller Interface xHCI subsystem, specifically how it handles certain events. The issue arises when the xHCI driver improperly handles isochronous isoc Babble and Buffer Overrun events. The vulnerability occurs because the xHC...

The vulnerability of WebRTC implementations in Google Chrome and Microsoft Edge browsers allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of WebRTC implementations in Google Chrome and Microsoft Edge stems from the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information by...

RHEL 8 : kernel update (Moderate) (RHSA-2024:3618)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3618 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability...

The vulnerability of the HMI interface configuration software Monitouch V-SFT lies in the possibility of operations going beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the HMI interface configuration software Monitouch V-SFT lies in the escape of operations beyond the buffer in memory due to the mixing of data types. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading a malicious V9C format file...

The vulnerability of the Microprogramming Software of the Alpha5 Smart Service System, related to the execution of operations outside the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Microprogrammed Software of the Alpha5 Smart service system relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading specially created malicious C5V files...

CVE-2024-36895

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb "usb: gadget: uvc: Generalise helper functions for reuse" introduced a helper...

RHEL 5 : zsh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - zsh: buffer overrun in symlinks CVE-2017-18206 - zsh before 5.0.7 allows evaluation of the initial values...

RHEL 4 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perl: File::Temp insecure temporary file handling CVE-2011-4116 - perl: heap buffer overrun flaw may lead...

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

RHEL 9 : zstd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - zstd: mysql: buffer overrun in util.c CVE-2022-4899 Note that Nessus has not tested for this issue but has instead...