229 matches found

Cvelist
added 2024/05/06 2:32 p.m. · 15 views

CVE-2024-21480 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer...

7.3 CVSS · 7.6 AI score · 0.00133 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/05/06 2:32 p.m. · 15 views

CVE-2024-21480 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer...

7.3 CVSS · 7.2 AI score · 0.00133 EPSS
Exploits 0 · References 1
CVE
added 2024/05/06 2:32 p.m. · 58 views

CVE-2024-21480

CVE-2024-21480 relates to memory corruption in Qualcomm chipsets when playing audio files with large input buffers. The entry is documented across multiple sources (NVD/NCSC/Red Hat) as a memory- or buffer-related vulnerability affecting Qualcomm closed-source components, with references indicati...

9.8 CVSS · 7.1 AI score · 0.00133 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/05/06 12:0 a.m. · 2 views

PT-2024-18901 · Qualcomm · Snapdragon +101

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs when playing an audio file with a large-sized input buffer. There is no information provided about the...

9.8 CVSS · 7.2 AI score · 0.00133 EPSS
Exploits 0 · References 5
CNNVD
added 2024/04/02 12:0 a.m. · 0 views

DJI Mavic and Matrice Security Vulnerability

DJI Mavic and DJI Matrice are both products of the Chinese company DJI. DJI Mavic is a series of drones. DJI Matrice is a series of commercial drone platforms. A security vulnerability exists in the DJI Mavic 3, Matrice 300, and Matrice M30 that stems from a buffer that does not check the size of...

4.1 CVSS · 6.8 AI score · 0.00063 EPSS
Exploits 0 · References 2
NVD
added 2024/03/21 2:52 a.m. · 7 views

CVE-2024-27094

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

7.4 CVSS · 6.3 AI score · 0.00564 EPSS
Exploits 0 · References 5
OSV
added 2024/03/06 10:53 a.m. · 18 views

BIT-GUACAMOLE-2023-30576

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process...

8.1 CVSS · 7.6 AI score · 0.00267 EPSS
Exploits 0 · References 1
OSV
added 2024/03/06 10:53 a.m. · 12 views

BIT-GUACAMOLE-SERVER-2023-30576

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process...

8.1 CVSS · 7.6 AI score · 0.00267 EPSS
Exploits 0 · References 1
OSV
added 2024/02/20 8:19 a.m. · 4 views

CLSA-2024-1708417192 libxml2: Fix of 3 CVEs

CVE-2017-7375: add validation for parsed entity references - CVE-2017-7376: fix buffer overflow in URL handling - CVE-2017-8872: free input buffer in xmlHaltParser...

10 CVSS · 7 AI score · 0.38332 EPSS
Exploits 0 · References 1
Prion
added 2024/02/02 5:15 p.m. · 11 views

Input validation

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...

5 CVSS · 7.2 AI score · 0.00915 EPSS
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2024/02/02 4:19 p.m. · 28 views

CVE-2024-24560 Vyper external calls can overflow return data to return input buffer

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...

3.7 CVSS · 6.9 AI score · 0.00915 EPSS
Exploits 1 · References 1
CNNVD
added 2024/02/02 12:0 a.m. · 2 views

Vyper Buffer Error Vulnerability

Vyper is the Pythonic smart contract language for EVM. Vyper suffers from a buffer error vulnerability that stems from mistaking erroneous data in the input buffer for return data...

5.3 CVSS · 7 AI score · 0.00915 EPSS
Exploits 1 · References 2
CNNVD
added 2023/11/06 12:0 a.m. · 3 views

Synology SSL VPN Client Security Vulnerability

Synology SSL VPN Client is a VPN client software for secure connection to Synology NAS from China-based Synology Inc. A security vulnerability exists in Synology SSL VPN Client prior to version 1.4.7-0687, which stems from a buffer replication in the cgi component that does not check the input...

5.5 CVSS · 6.6 AI score · 0.00093 EPSS
Exploits 0 · References 3
OSV
added 2023/08/15 10:15 p.m. · 1 views

CVE-2023-20560

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value, potentially resulting in a Windows crash leading to denial of service...

4.4 CVSS · 6 AI score · 0.00026 EPSS
Exploits 0 · References 1
RedhatCVE
added 2023/08/08 5:20 p.m. · 18 views

CVE-2023-20561

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address, potentially resulting in a Windows crash, leading to a denial of service. Mitigation: Please contact AMD support for updates...

5.5 CVSS · 6.9 AI score · 0.00051 EPSS
Exploits 0 · References 4
CVE
added 2023/08/08 5:13 p.m. · 52 views

CVE-2023-20562

CVE-2023-20562 involves AMD μProf (AMD uProf) where there is insufficient validation in the IOCTL input buffer. The impact described across sources is that an authenticated user may load an unsigned driver, potentially enabling arbitrary kernel execution. Connected materials explicitly discuss ex...

7.8 CVSS · 7.5 AI score · 0.10825 EPSS
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2023/08/08 5:13 p.m. · 17 views

CVE-2023-20562

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver, potentially leading to arbitrary kernel execution...

7.7 AI score · 0.10825 EPSS
Exploits 2 · References 1
CNNVD
added 2023/08/08 12:0 a.m. · 3 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices NFC, which stems from a buffer copy that does not check the input size and could cause the...

4.3 CVSS · 6.8 AI score · 0.00078 EPSS
Exploits 0 · References 2
CNNVD
added 2023/08/08 12:0 a.m. · 2 views

AMD μProf Security Vulnerability

AMD μProf is a software analysis tool from AMD (Advanced Micro Devices). AMD μProf suffers from a security vulnerability that stems from insufficient validation of the IOCTL input buffer, which allows an attacker to load an unsigned driver, leading to arbitrary kernel execution...

7.8 CVSS · 7 AI score · 0.10825 EPSS
Exploits 2 · References 3
Mozilla
added 2023/08/02 12:0 a.m. · 68 views

Security Vulnerabilities fixed in Thunderbird 115.1 — Mozilla

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...

8.8 CVSS · 7.5 AI score · 0.03618 EPSS
Exploits 1 · References 11 · Affected Software 1