2295 matches found
CVE-2024-9369
Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...
CVE-2024-9369
CVE-2024-9369: Insufficient data validation in Mojo within Google Chrome (Chromium) allowed a remote attacker, who had compromised the renderer process, to perform an out-of-bounds memory write via a crafted HTML page. The issue is confirmed in Chrome/Chromium and has high impact. Public fix/upda...
KLA77555 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions and cause denial of service. Below is a complete list of vulnerabilities: 1. Security vulnerability in Enhanced Tracking Protection’s Strict mode can be...
UBUNTU-CVE-2024-11477
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...
The vulnerability of the at24 component in the Linux operating system’s kernel, which allows a hacker to trigger a service failure
The vulnerability of the at24 component in the Linux operating system’s kernel is related to the operation of pushing data out of the buffer into memory within the at24_probe function. Exploiting this vulnerability can allow an attacker to cause a system failure...
PT-2024-10645 · Mediatek · Mediatek Audio Driver
Name of the Vulnerable Software and Affected Versions: MediaTek audio driver (affected versions not specified). Description: The issue is related to a missing bounds check in the mtkscoaudio debugfs, combined with weakened SELinux policies. This could allow for an arbitrary kernel memory write,...
CVE-2024-42385
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows triggering an out-of-bound memory write if the PEM certificate contains unexpected characters...
CVE-2024-42385 Improper Neutralization of Delimiters in Mongoose Web Server library
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows triggering an out-of-bound memory write if the PEM certificate contains unexpected characters...
PT-2024-29912 · Cesanta · Cesanta Mongoose Web Server
Name of the Vulnerable Software and Affected Versions: Cesanta Mongoose Web Server version 7.14. Description: The issue is related to improper neutralization of delimiters in the Cesanta Mongoose Web Server. This can cause an out-of-bound memory write if the PEM certificate contains unexpected...
SUSE CVE-2024-50164
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning. Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw mode so that the...
AZL-53561 CVE-2024-50164 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning. Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw mode so that the...
DEBIAN-CVE-2024-50164
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning. Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw mode so that the...
UBUNTU-CVE-2024-50164
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning. Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw mode so that the...
CVE-2024-50164
The CVE-2024-50164 entry covers a Linux kernel BPF verifier regression where MEM_UNINIT was overloaded to mean both “buffer need not be initialized” and “buffer will be written to.” This allowed a BPF program to write to read-only maps (e.g., .rodata) when the buffer size was not a fixed constant...