DEBIAN-CVE-2024-38661

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modifybitmap A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007...

CVE-2024-23150

A maliciously crafted PRT file, when parsed in odxugdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVE-2024-37002 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process...

SUSE CVE-2024-36481

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parsebtffield btffindstructmember might return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. Fix this by using ISERR and returni...

CVE-2024-38381

A vulnerability was found in the NCI component in the Linux kernel's NFC subsystem. This issue involves an uninitialized value in the ncirxwork function, which could lead to unintended behavior or potential security risks. Mitigation Mitigation for this issue is either not available or the...

AZL-42834 CVE-2024-36481 affecting package kernel for versions less than 6.6.35.1-4

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parsebtffield btffindstructmember might return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. Fix this by using ISERR and returni...

DEBIAN-CVE-2024-36481

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parsebtffield btffindstructmember might return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. Fix this by using ISERR and returni...

AZL-42854 CVE-2024-36481 affecting package kernel for versions less than 5.15.160.1-1

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parsebtffield btffindstructmember might return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. Fix this by using ISERR and returni...

UBUNTU-CVE-2024-36481

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parsebtffield btffindstructmember might return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. Fix this by using ISERR and returni...

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

PT-2024-5552 · Tencent +4 · Rapidjson +4

Name of the Vulnerable Software and Affected Versions: Tencent RapidJSON affected versions not specified Description: The issue is related to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. This can be exploited b...

CVE-2024-38427

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false...

PT-2024-27997 · International Color Consortium · Demoiccmax

Name of the Vulnerable Software and Affected Versions: International Color Consortium DemoIccMAX versions prior to 85ce74e Description: A logic flaw exists in the CIccTagXmlProfileSequenceId::ParseXml function within IccTagXml.cpp, causing it to unconditionally return false. This issue is related...

Rocky Linux 9 : .NET 7.0 (RLSA-2024:2843)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2843 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

Rocky Linux 9 : .NET 8.0 (RLSA-2024:2842)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2842 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

CVE-2024-32898

In ProtocolCellIdentityParserV4::Parse of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation...

SUSE CVE-2024-36761

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs...

Google Pixel Security Breach

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in the ProtocolCellIdentityParserV4::Parse module of protocolnetadapter.cpp, which may allow out-of-bounds reads...

PT-2024-26435 · Libyaml · Libyaml

Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5 Description: The issue affects the function yaml parser parse of the file /src/libyaml/src/parser.c, making libyaml vulnerable to Denial of Service DDOS attacks. Recommendations: As a temporary workaround, consider...

CVE-2024-36761

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs...