Fedora 40 : libwebp (2023-d5faede1d6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d5faede1d6 advisory. Automatic update for libwebp-1.3.1-3.fc40. Changelog Wed Sep 13 2023 Boudhayan Bhattacharya - 1.3.1-3 - Add patch for CVE-2023-4863 ref rhbz2238543 Tenable h...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libldb Vulnerability (NS-SA-2024-0010)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libldb packages installed that are affected by a vulnerability: - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash o...

The vulnerability of the Simcenter Femap simulation application, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Simcenter Femap simulation application lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created Catia MODEL file...

CVE-2024-20848

Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Apr-2024 Release 1, which stems from an out-of-bounds write when freeing memory...

MediaTek 芯片 安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in the MediaTek chips, which stems from a missing boundary check issue in the da module, which could result in an out-of-bounds write...

PT-2024-2641 · Dji · Dji Matrice 300 +6

Name of the Vulnerable Software and Affected Versions: DJI Mavic 3 Pro versions prior to v01.01.0300 DJI Mavic 3 versions prior to v01.00.1200 DJI Mavic 3 Classic versions prior to v01.00.0500 DJI Mavic 3 Enterprise versions prior to v07.01.10.03 DJI Matrice 300 versions prior to v57.00.01.00 DJI...

CVE-2024-26645

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracingmap Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1401)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : libwebp (EulerOS-SA-2024-1401)

According to the versions of the libwebp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform ...

EulerOS Virtualization 2.11.0 : libwebp (EulerOS-SA-2024-1429)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform a...

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

RHEL 8 : kpatch-patch (RHSA-2024:1368)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1368 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

Oracle Linux 9 : kernel (ELSA-2024-1248)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1248 advisory. - drm/amdgpu: Fix potential fence use-after-free v2 Jan Stancek RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507 CVE-2023-51042 - netfilter: nftables: skip...

PT-2024-2342 · Dell · Dell Poweredge Server Bios

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge Server BIOS affected versions not specified Description: The issue is related to a heap-based buffer overflow vulnerability in the Dell PowerEdge Server BIOS. A local high privileged attacker could potentially exploit this...

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2024-26001

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...