CVE-2024-45413

The CVE-2024-45413 issue affects the HTTPD binary in multiple ZTE routers. A stack-based buffer overflow in rsa_decrypt, an API wrapper for LUA used to decrypt RSA ciphertext, stores decrypted data on the stack without length checks. This allows an authenticated attacker to achieve remote code ex...

CVE-2024-41867

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...

CVE-2024-41867

CVE-2024-41867 affects Adobe After Effects versions 23.6.6, 24.5 and earlier, with an out-of-bounds read that could disclose sensitive memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). remediation is via Adobe APSB24-55 security update (fixed in 23.6....

CVE-2024-41867 After Effects | Out-of-bounds Read (CWE-125)

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...

CVE-2024-41867 After Effects | Out-of-bounds Read (CWE-125)

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...

EulerOS 2.0 SP10 : orc (EulerOS-SA-2024-2449)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

Huawei EulerOS: Security Advisory for orc (EulerOS-SA-2024-2401)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : orc (EulerOS-SA-2024-2376)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

EulerOS 2.0 SP10 : orc (EulerOS-SA-2024-2426)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

MGASA-2024-0288 Updated orc packages fix security vulnerability

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

NewStart CGSL MAIN 6.02 : libjpeg-turbo Vulnerability (NS-SA-2024-0051)

The remote NewStart CGSL host, running version MAIN 6.02, has libjpeg-turbo packages installed that are affected by a vulnerability: - A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to ...

Siemens Tecnomatix Plant Simulation

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Adobe After Effects < 23.6.9 / 24.0 < 24.6 Multiple Vulnerabilities (APSB24-55) (macOS)

The version of Adobe After Effects installed on the remote macOS host is prior to 23.6.9, 24.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-55 advisory. - After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability th...

Adobe After Effects < 23.6.9 / 24.0 < 24.6 Multiple Vulnerabilities (APSB24-55)

The version of Adobe After Effects installed on the remote Windows host is prior to 23.6.9, 24.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-55 advisory. - After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability...

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow...

ABB Freelance AC 900F and AC 700F Stack-based Buffer Overflow (CVE-2023-0426)

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

CVE-2024-8408

A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validateservicesport of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument servicesarray leads to stack-based buffer overflow. The...

CVE-2024-8408

The CVE-2024-8408 issue affects Linksys WRT54G (version 4.21.5). The vulnerability lies in the POST Parameter Handler’s function validate_services_port in /apply.cgi, where improper handling of the argument services_array causes a stack-based buffer overflow. This vulnerability can be exploited r...

Moderate: Red Hat Security Advisory: orc security update

An update for orc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as havin...

RHEL 8 : orc (RHSA-2024:6159)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6159 advisory. Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The language is a generic assembly...