
4205 matches found

ATTACKERKB
added 2024/05/03 2:15 a.m., 1 view

CVE-2023-32160

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...

CVSS: 7.8, AI score: 6.2, EPSS: 0.02099
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2024/05/03 2:15 a.m., 0 views

CVE-2023-32154

Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVSS: 7.5, AI score: 6.3, EPSS: 0.02352
Exploits: 0, References: 2
BDU FSTEC
added 2024/05/03 12:00 a.m., 2 views

The vulnerability of the fromAddressNat() function (/goform/addressNat) in the Tenda FH1206 router firmware allows an attacker to execute arbitrary code or cause service failures.

The vulnerability of the fromAddressNat() function (/goform/addressNat) in the Tenda FH1206 router firmware is related to an operation that goes beyond the buffer boundaries in memory when processing the entrys parameter. Exploiting this vulnerability could allow a remote attacker to...

CVSS: 9, AI score: 8.4, EPSS: 0.00134
Exploits: 1, References: 3
CNNVD
added 2024/05/03 12:00 a.m., 1 view

Sante DICOM Viewer Pro security vulnerability

Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter and PACS client from Santesoft Cyprus. Works with DICOM files of all models and manufacturers. A security vulnerability exists in Sante DICOM Viewer Pro, which stems from a carefully crafted J2K image that can be written...

CVSS: 8.8, AI score: 8, EPSS: 0.00426
Exploits: 0, References: 2
BDU FSTEC
added 2024/05/01 12:00 a.m., 2 views

The vulnerability of the Layer-2 Control Protocol Daemon (l2cpd) protocol of LLDP allows an attacker to cause a service failure in Juniper Networks’ Junos OS and Junos OS Evolved operating systems.

The vulnerability of the Layer-2 Control Protocol Daemon (l2cpd) protocol of the LLDP protocol in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to operations going beyond the buffer in memory when processing LLDP packets. Exploiting this vulnerability can...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00124
Exploits: 0, References: 2, Affected Software: 2
BDU FSTEC
added 2024/05/01 12:00 a.m., 2 views

The vulnerability of the JavaScript script handler interface in Google Chrome and Microsoft Edge browsers allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the JavaScript script handler interface in Google Chrome and Microsoft Edge browsers is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information by openin...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00223
Exploits: 1, References: 14, Affected Software: 6
RedHat Linux
added 2024/04/30 4:54 p.m., 64 views

Moderate: Red Hat Security Advisory: rh-mysql80-mysql security update

An update for rh-mysql80-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5, AI score: 6.4, EPSS: 0.06476
Exploits: 0, References: 87
RedHat Linux
added 2024/04/30 4:54 p.m., 3 views

zstd: mysql: buffer overrun in util.c

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00255
Exploits: 0, References: 4
BDU FSTEC
added 2024/04/30 12:00 a.m., 3 views

The vulnerability of the Adobe Media Encoder application, related to the execution of operations beyond buffer boundaries in memory, allows an attacker to execute arbitrary code.

The vulnerability of the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

CVSS: 7.8, AI score: 6.4, EPSS: 0.00182
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2024/04/30 12:00 a.m., 85 views

RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

CVSS: 7.5, AI score: 6.6, EPSS: 0.06476
Exploits: 0, References: 175
BDU FSTEC
added 2024/04/26 12:00 a.m., 4 views

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page or file...

CVSS: 10, AI score: 7.3, EPSS: 0.04728
Exploits: 1, References: 17, Affected Software: 7
Zero Day Initiative
added 2024/04/23 12:00 a.m., 10 views

Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService, which listens on TCP port 1777 by default. The issue...

CVSS: 4.3, AI score: 4.5, EPSS: 0.01796
Exploits: 0, References: 1
BDU FSTEC
added 2024/04/19 12:00 a.m., 2 views

The vulnerability of the ProcXIPassiveGrabDevice() function in the X Window System Xorg-server allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ProcXIPassiveGrabDevice function in the X Window System Xorg-server lies in the possibility of data being written outside of the buffer. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and even cause service...

CVSS: 7.3, AI score: 7.2, EPSS: 0.00123
Exploits: 0, References: 13, Affected Software: 9
BDU FSTEC
added 2024/04/18 12:00 a.m., 1 view

The vulnerability in the implementation of the Secure Boot protocol for operating systems with security features allows a perpetrator to circumvent security restrictions.

The vulnerability of the Secure Boot protocol for loading operating systems on Windows is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to circumvent security restrictions...

CVSS: 7.2, AI score: 8.1, EPSS: 0.0023
Exploits: 0, References: 2
BDU FSTEC
added 2024/04/18 12:00 a.m., 1 view

The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows an attacker to cause service interruptions.

The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS: 7.8, AI score: 5.7, EPSS: 0.00247
Exploits: 0, References: 2, Affected Software: 2
OSV
added 2024/04/17 6:15 p.m., 8 views

DEBIAN-CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

CVSS: 7.3, AI score: 7, EPSS: 0.91924
Exploits: 16, References: 1
BDU FSTEC
added 2024/04/16 12:00 a.m., 1 view

The vulnerability of the libarchive library for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the libarchive library for Windows operating systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS: 7.8, AI score: 7.3, EPSS: 0.37694
Exploits: 0, References: 9, Affected Software: 2
BDU FSTEC
added 2024/04/09 12:00 a.m., 2 views

The vulnerability of Qualcomm embedded firmware, related to the lack of a data type conversion mechanism, allows attackers to execute arbitrary code.

The vulnerability of embedded software developed for Qualcomm chips lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS: 8.4, AI score: 7.9, EPSS: 0.00042
Exploits: 0, References: 4
SUSE CVE
added 2024/04/05 2:21 a.m., 1 view

SUSE CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00009
Exploits: 0, References: 13
RedhatCVE
added 2024/04/02 11:40 p.m., 25 views

CVE-2024-26659

A flaw was found in the Linux kernel related to the Extensible Host Controller Interface (xHCI) subsystem, specifically how it handles certain events. The issue arises when the xHCI driver improperly handles isochronous (isoc) Babble and Buffer Overrun events. The vulnerability occurs because the xHC...

CVSS: 4.1, AI score: 7.3, EPSS: 0.00009
Exploits: 0, References: 4