DEBIAN-CVE-2024-46826

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

AZL-53327 CVE-2024-46826 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

CVE-2024-39385

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...

CVE-2024-41870

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...

DEBIAN-CVE-2024-45014

In the Linux kernel, the following vulnerability has been resolved: s390/boot: Avoid possible physmeminfo segment corruption When physical memory for the kernel image is allocated it does not consider extra memory required for offsetting the image start to match it with the lower 20 bits of KASLR...

UBUNTU-CVE-2024-45014

In the Linux kernel, the following vulnerability has been resolved: s390/boot: Avoid possible physmeminfo segment corruption When physical memory for the kernel image is allocated it does not consider extra memory required for offsetting the image start to match it with the lower 20 bits of KASLR...

PT-2024-6294 · Adobe · Illustrator

Name of the Vulnerable Software and Affected Versions: Adobe Illustrator versions 28.6, 27.9.5 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigation...

Insufficient Randomization And Data Exposure

github.com/consensys/gnark is vulnerable to Insufficient Randomization and Data Exposure. The vulnerability is due to the lack of additional randomized values in the commitments, which allows an attacker to deduce the witness values through enumeration if those values are small...

SUSE CVE-2024-44959

In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. ilru or isblist to not...

CVE-2024-44959

In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. ilru or isblist to not...

CVE-2024-44959

In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. ilru or isblist to not...

CVE-2024-44959

The CVE-2024-44959 entry concerns the Linux kernel tracefs component. It describes a root cause in the in-kernel memory reclaim path where structure layout randomization of struct inode can cause overlapping or misused RCU fields during freeing, potentially triggering list corruption (list_del) a...

CVE-2024-44959 tracefs: Use generic inode RCU for synchronizing freeing

In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. ilru or isblist to not...

CVE-2024-41832

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this...

CVE-2024-41833

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this...

CVE-2024-34126

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must...

CVE-2024-20790

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must...

PT-2024-29604 · Adobe · Substance3D - Sampler

Name of the Vulnerable Software and Affected Versions: Substance3D - Sampler versions 4.5 and earlier Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as Addres...

PT-2024-5922 · Adobe · Acrobat Reader

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier Description: The issue is related to a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage...

PT-2024-25707 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.11 and earlier Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...