PT-2024-29912 · Cesanta · Cesanta Mongoose Web Server

Name of the Vulnerable Software and Affected Versions: Cesanta Mongoose Web Server version 7.14 Description: The issue is related to improper neutralization of delimiters in the Cesanta Mongoose Web Server. This can cause an out-of-bound memory write if the PEM certificate contains unexpected...

SUSE CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

AZL-53561 CVE-2024-50164 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

DEBIAN-CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

UBUNTU-CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

CVE-2024-50164

The CVE-2024-50164 entry covers a Linux kernel BPF verifier regression where MEM_UNINIT was overloaded to mean both “buffer need not be initialized” and “buffer will be written to.” This allowed a BPF program to write to read-only maps (e.g., .rodata) when the buffer size was not a fixed constant...

AZL-52432 CVE-2024-50134 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbvamousepointershape with real VLA Replace the fake VLA at end of the vbvamousepointershape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: 13.31981...

PT-2024-33520 · Samsung · Galaxy S24

Name of the Vulnerable Software and Affected Versions: Galaxy S24 versions prior to Firmware update Sep-2024 Release Description: The issue is related to an out-of-bounds write in the Battery Full Capacity node, allowing local attackers to write out-of-bounds memory. System privilege is required...

KLA74684 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds memory write vulnerability in Dawn can be exploited to cause denial of...

VulnCheck KEV: CVE-2020-9870

A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code...

DEBIAN-CVE-2022-48967

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfctarget arrays While running under CONFIGFORTIFYSOURCE=y, syzkaller reported: memcpy: detected field-spanning write size 129 of single field "target-sensfres" at net/nfc/nci/ntf.c:260 size 18 This...

Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Oct-2 2024)

Microsoft Edge Chromium-Based is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE CVE-2024-9602

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

Google Chrome Security Update (stable-channel-update-for-desktop_8-2024-10) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Google Chrome Security Update (stable-channel-update-for-desktop_8-2024-10) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Microsoft Edge (Chromium) < 129.0.2792.89 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 129.0.2792.89. It is, therefore, affected by multiple vulnerabilities as referenced in the October 10, 2024 advisory. - Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform...

CVE-2024-9602

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9602

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9602

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2024-9602

CVE-2024-9602 affects Chromium/Google Chrome's V8 engine. A type confusion in V8 allows a remote attacker to trigger an out-of-bounds memory write via a crafted HTML page on Chrome/Chromium builds older than 129.0.6668.100. Impact is high as per CVSS, with potential for arbitrary code execution o...