7644 matches found

NVD
added 2024/06/07 5:15 p.m. · 13 views

CVE-2024-32502

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper reference count checking, which can result in a UAF (Use-After-Free) vulnerability...

8.4 CVSS · 0.00173 EPSS
Exploits 0 · References 1
Japan Vulnerability Notes
added 2024/06/07 12:0 a.m. · 17 views

JVN#55045256: Multiple vulnerabilities in "FreeFrom - the nostr client" App

"FreeFrom - the nostr client" App provided by FreeFrom K.K. contains multiple vulnerabilities listed below. Improper verification of cryptographic signature (CWE-347), CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, Base Score 5.3, CVE-2024-36277. Reliance on obfuscation or encryption of security-relevan...

5.3 CVSS · 5.2 AI score · 0.00257 EPSS
Exploits 0
CNNVD
added 2024/06/07 12:0 a.m. · 6 views

Dell BIOS Security Vulnerability

Dell BIOS is embedded software on a small memory chip on the motherboard of a computer from Dell USA. A security vulnerability exists in Dell BIOS, which stems from a lack of integrity checking support, and could be exploited by an attacker with physical access to the system to bypass security...

7.6 CVSS · 7.3 AI score · 0.00168 EPSS
Exploits 0 · References 2
SUSE CVE
added 2024/06/04 12:14 p.m. · 6 views

SUSE CVE-2024-36951

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts. Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api ...

5.5 CVSS · 6.8 AI score · 0.00222 EPSS
Exploits 0 · References 15
UbuntuCve
added 2024/06/03 3:15 p.m. · 15 views

CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS · 6.8 AI score · 0.00487 EPSS
Exploits 0 · References 2
Cvelist
added 2024/06/03 10:5 a.m. · 20 views

CVE-2023-43542 Buffer Copy Without Checking Size of Input in Trusted Execution Environment

Memory corruption while copying a keyblob's material when the key material's size is not accurately checked...

7.8 CVSS · 7.8 AI score · 0.00103 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/06/03 10:5 a.m. · 15 views

CVE-2023-43538 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in TZ Secure OS

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization...

9.3 CVSS · 7.1 AI score · 0.00104 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 25 views

RHEL 4 : cups (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cups: insufficient checking of the HTTP Host: header (CVE-2009-0164). Note that Nessus has not tested for this issue b...

6.4 CVSS · 8.8 AI score · 0.02907 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 33 views

RHEL 5 : wget (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wget: FTP symlink arbitrary filesystem access (CVE-2014-4877) - wget: Lack of filename checking allows...

8.8 CVSS · 7.8 AI score · 0.45935 EPSS
Exploits 18 · References 5
Tenable Nessus
added 2024/06/03 12:0 a.m. · 21 views

RHEL 8 : mercurial (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mercurial: Path-checking logic bypass via symlinks and subrepositories (CVE-2019-3902). Note that Nessus has not teste...

5.9 CVSS · 7 AI score · 0.01413 EPSS
Exploits 0 · References 1
Fedora
added 2024/05/31 2:14 a.m. · 25 views

[SECURITY] Fedora 39 Update: roundcubemail-1.6.7-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7.3 AI score
Exploits 0
Fedora
added 2024/05/31 1:17 a.m. · 28 views

[SECURITY] Fedora 40 Update: roundcubemail-1.6.7-1.fc40

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7.3 AI score
Exploits 0
OSV
added 2024/05/30 11:34 a.m. · 12 views

SUSE-SU-2024:1557-2 Security update for rpm

This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495)...

4.7 CVSS · 6.8 AI score · 0.00302 EPSS
Exploits 0 · References 5
Veracode
added 2024/05/30 6:7 a.m. · 17 views

Denial Of Service (DoS) / Information Disclosure

io.airlift:aircompressor is vulnerable to Denial Of Service (DoS) / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory...

8.6 CVSS · 7 AI score · 0.00504 EPSS
Exploits 0 · References 6 · Affected Software 1
Veracode
added 2024/05/30 1:50 a.m. · 25 views

Heap Buffer Overflow

chromium is vulnerable to a Heap Buffer Overflow. This vulnerability is due to inadequate bounds checking and allows a remote attacker to perform an out-of-bounds memory read via a crafted HTML page...

8.8 CVSS · 8.3 AI score · 0.00641 EPSS
Exploits 1 · References 5 · Affected Software 2
Veracode
added 2024/05/30 1:41 a.m. · 21 views

Heap Buffer Overflow

chromium is vulnerable to a Heap Buffer Overflow. The vulnerability is due to improper bounds checking, which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page...

8.8 CVSS · 8.3 AI score · 0.00612 EPSS
Exploits 1 · References 5 · Affected Software 2
NVD
added 2024/05/29 4:15 p.m. · 8 views

CVE-2024-35333

A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafted input to the...

8.4 CVSS · 7.5 AI score · 0.00361 EPSS
Exploits 1 · References 1
CVE
added 2024/05/29 3:12 p.m. · 75 views

CVE-2024-35333

CVE-2024-35333 affects html2xhtml version 1.3, specifically the read_charset_decl function. The root cause is improper bounds checking when copying data into a fixed-size stack buffer, allowing a stack-based overflow. Reported impact includes arbitrary code execution, denial of service, or data c...

8.4 CVSS · 8.2 AI score · 0.00361 EPSS
Exploits 1 · References 1
Cvelist
added 2024/05/24 3:9 p.m. · 18 views

CVE-2021-47537 octeontx2-af: Fix a memleak bug in rvu_mbox_init()

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init(). In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_regions'...

6.5 AI score · 0.00193 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/05/22 12:0 a.m. · 3 views

PT-2024-4191 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide (affected versions not specified). Description: The issue is related to how gitoxide handles legacy device names on Windows. When fetching refs or checking out paths that clash with these names, it can read from or write to devices,...

6.4 CVSS · 6.7 AI score · 0.00448 EPSS
Exploits 0 · References 16