
8439 matches found

Tenable Nessus
added 2024/09/10 12:0 a.m. | 14 views

NewStart CGSL MAIN 6.02 : libjpeg-turbo Vulnerability (NS-SA-2024-0051)

The remote NewStart CGSL host, running version MAIN 6.02, has libjpeg-turbo packages installed that are affected by a vulnerability: - A stack-based buffer overflow flaw was found in libjpeg-turbo library in the transform component. An attacker may use this flaw to input a malicious image file to ...

CVSS 8.8 | AI score 7.5 | EPSS 0.00494
Exploits 1 | References 3
ICS
added 2024/09/10 12:0 a.m. | 10 views

Siemens Tecnomatix Plant Simulation

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8 | AI score 7.4 | EPSS 0.00091
Exploits 0 | References 10
Tenable Nessus
added 2024/09/10 12:0 a.m. | 68 views

Adobe After Effects < 23.6.9 / 24.0 < 24.6 Multiple Vulnerabilities (APSB24-55) (macOS)

The version of Adobe After Effects installed on the remote macOS host is prior to 23.6.9, 24.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-55 advisory. - After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability th...

CVSS 7.8 | AI score 6.5 | EPSS 0.00336
Exploits 0 | References 6
Tenable Nessus
added 2024/09/10 12:0 a.m. | 33 views

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow...

CVSS 9.8 | AI score 8.4 | EPSS 0.67994
Exploits 13 | References 119
Tenable Nessus
added 2024/09/10 12:0 a.m. | 25 views

Adobe After Effects < 23.6.9 / 24.0 < 24.6 Multiple Vulnerabilities (APSB24-55)

The version of Adobe After Effects installed on the remote Windows host is prior to 23.6.9, 24.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-55 advisory. - After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability...

CVSS 7.8 | AI score 6.5 | EPSS 0.00336
Exploits 0 | References 6
Tenable Nessus
added 2024/09/06 12:0 a.m. | 24 views

ABB Freelance AC 900F and AC 700F Stack-based Buffer Overflow (CVE-2023-0426)

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

CVSS 8.6 | AI score 7.4 | EPSS 0.00227
Exploits 0 | References 2
NVD
added 2024/09/04 2:15 p.m. | 8 views

CVE-2024-8408

A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The...

CVSS 9.8 | EPSS 0.00294
Exploits 1 | References 5
CVE
added 2024/09/04 2:0 p.m. | 47 views

CVE-2024-8408

The CVE-2024-8408 issue affects Linksys WRT54G (version 4.21.5). The vulnerability lies in the POST Parameter Handler’s function validate_services_port in /apply.cgi, where improper handling of the argument services_array causes a stack-based buffer overflow. This vulnerability can be exploited r...

CVSS 9.8 | AI score 6.8 | EPSS 0.00294
Exploits 1 | References 5 | Affected Software 1
RedHat Linux
added 2024/09/03 5:50 a.m. | 9 views

Moderate: Red Hat Security Advisory: orc security update

An update for orc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as havin...

CVSS 7 | AI score 7.1 | EPSS 0.00061
Exploits 0 | References 2
Tenable Nessus
added 2024/09/03 12:0 a.m. | 12 views

RHEL 8 : orc (RHSA-2024:6159)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6159 advisory. Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The language is a generic assembly...

CVSS 7 | AI score 7.4 | EPSS 0.00061
Exploits 0 | References 5
Tenable Nessus
added 2024/09/03 12:0 a.m. | 27 views

RHEL 9 : orc (RHSA-2024:6184)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6184 advisory. Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The language is a generic assembly...

CVSS 7 | AI score 7.4 | EPSS 0.00061
Exploits 0 | References 5
Cvelist
added 2024/09/02 12:0 a.m. | 16 views

CVE-2024-45623

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server httpd. NOTE: This vulnerability only affects products that are no longer supported by t...

EPSS 0.0118
Exploits 0 | References 1
CVE
added 2024/09/02 12:0 a.m. | 60 views

CVE-2024-45623

CVE-2024-45623 affects D-Link DAP-2310 Hardware A Firmware 1.16RC028. A stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd) allows remote code execution. Impact is high (remote, no user interaction; network access required) per the N...

CVSS 9.8 | AI score 8.5 | EPSS 0.0118
Exploits 0 | References 1
Redos
added 2024/09/02 12:0 a.m. | 349 views

ROS-20240902-17

A vulnerability in the orcparse.c file in the library for compiling and executing programs that work with GStreamer ORC data arrays is related to a stack-based buffer overflow. Exploitation of the vulnerability could allow an...

CVSS 7 | AI score 6.9 | EPSS 0.00061
Exploits 0
NVD
added 2024/08/28 2:15 a.m. | 14 views

CVE-2024-8231

A vulnerability classified as critical has been found in Tenda O6 1.0.0.72054. Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. It is possible to launch the attack remotel...

CVSS 9 | EPSS 0.00377
Exploits 1 | References 5
NVD
added 2024/08/28 2:15 a.m. | 12 views

CVE-2024-8230

A vulnerability was found in Tenda O6 1.0.0.72054. It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. The attack may be initiated remotely...

CVSS 9.8 | EPSS 0.00352
Exploits 1 | References 5
NVD
added 2024/08/28 1:15 a.m. | 13 views

CVE-2024-8229

A vulnerability was found in Tenda O6 1.0.0.72054. It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. T...

CVSS 9.8 | EPSS 0.00283
Exploits 1 | References 5
CVE
added 2024/08/28 1:0 a.m. | 44 views

CVE-2024-8230

The CVE-2024-8230 entry concerns Tenda O6 firmware version 1.0.0.7(2054). The vulnerability lies in the fromSafeSetMacFilter function of /goform/setMacFilterList, where manipulating the arguments remark, type, or time can trigger a stack-based buffer overflow. Public exploitation is claimed, enab...

CVSS 9.8 | AI score 6.9 | EPSS 0.00352
Exploits 1 | References 5 | Affected Software 1
NVD
added 2024/08/28 12:15 a.m. | 12 views

CVE-2024-8226

A vulnerability has been found in Tenda O1 1.0.0.710648 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The explo...

CVSS 9.8 | EPSS 0.00269
Exploits 1 | References 5
NVD
added 2024/08/28 12:15 a.m. | 12 views

CVE-2024-8228

A vulnerability was found in Tenda O5 1.0.0.85017. It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack...

CVSS 9.8 | EPSS 0.00352
Exploits 1 | References 5