PT-2024-17709 · Velocidex · Velocidex Winpmem

Name of the Vulnerable Software and Affected Versions: Velocidex WinPmem versions below 4.1 Description: The issue allows a user space program to trick the driver into writing a 0 into any chosen memory location by using an IO Control. In conjunction with information leakage from the WinPmem...

SUSE CVE-2024-47541

GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gstssaparseremoveoverridecodes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA SubStation Alpha style override codes,...

PT-2025-3035 · Apple · Macos Sonoma +2

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.7.2 macOS Sonoma versions prior to 14.7.3 macOS Sequoia versions prior to 15.2 Description: An out-of-bounds write issue was addressed with improved input validation. This issue may allow an app to cause...

The vulnerabilities of the Linux kernel functions wcd938x_set_swr_port() and wcd938x_get_swr_port(), which allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerabilities of the functions wcd938xsetswrport and wcd938xgetswrport in the Linux kernel’s sound/soc/codecs/wcd938x.c module are related to memory writing beyond the bounds of the allocated buffer. Exploiting these vulnerabilities could allow a remote attacker to compromise the...

CVE-2024-9369

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9369

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9369

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9369

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9369

CVE-2024-9369: Insufficient data validation in Mojo within Google Chrome (Chromium) allowed a remote attacker, who had compromised the renderer process, to perform an out-of-bounds memory write via a crafted HTML page. The issue is confirmed in Chrome/Chromium and has high impact. Public fix/upda...

CVE-2024-9369

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

KLA77555 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Security vulnerability in Enhanced Tracking Protection’s Strict mode can be...

Astra Linux – Vulnerability in Chromium

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out-of-bounds memory write via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

“Type Confusion in V8” in Google Chrome before version 129.0.6668.100 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...

UBUNTU-CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

The vulnerability of the at24 component in the Linux operating system’s kernel, which allows a hacker to trigger a service failure

The vulnerability of the at24 component in the Linux operating system’s kernel is related to the operation of pushing data out of the buffer into memory within the at24probe function. Exploiting this vulnerability can allow an attacker to cause a system failure...

PT-2024-10645 · Mediatek · Mediatek Audio Driver

Name of the Vulnerable Software and Affected Versions: MediaTek audio driver affected versions not specified Description: The issue is related to a missing bounds check in the mtkscoaudio debugfs, combined with weakened SELinux policies. This could allow for an arbitrary kernel memory write,...

CVE-2024-42385

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters...

CVE-2024-42385

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters...

CVE-2024-42385 Improper Neutralization of Delimiters in Mongoose Web Server library

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters...

CVE-2024-42385 Improper Neutralization of Delimiters in Mongoose Web Server library

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters...