13301 matches found

Vulnrichment
added 2024/10/10 5:14 p.m. | 11 views

CVE-2024-47962 Stack-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current...

CVSS 8.4 | AI score 7 | EPSS 0.02003
Exploits: 0 | References: 1

ICS
added 2024/10/10 6:0 a.m. | 18 views

Delta Electronics CNCSoft-G2

1. EXECUTIVE SUMMARY: CVSS v4 8.4; ATTENTION: low attack complexity; Vendor: Delta Electronics; Equipment: CNCSoft-G2; Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Heap-Based Buffer Overflow, Out-of-bounds Read, Use of Uninitialized Variable. 2. RISK EVALUATION...

CVSS 8.4 | AI score 6.8 | EPSS 0.02003
Exploits: 0 | References: 10

NVD
added 2024/10/09 10:15 a.m. | 15 views

CVE-2024-47410

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00154
Exploits: 0 | References: 1

Cvelist
added 2024/10/09 9:26 a.m. | 13 views

CVE-2024-47410 Animate | Stack-based Buffer Overflow (CWE-121)

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00154
Exploits: 0 | References: 1

Tenable Nessus
added 2024/10/09 12:0 a.m. | 12 views

EulerOS 2.0 SP11 : orc (EulerOS-SA-2024-2563)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

CVSS 7 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 2

IBM Security Bulletins
added 2024/10/08 3:29 p.m. | 45 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafte...

CVSS 8.1 | AI score 9.1 | EPSS 0.91924
Exploits: 16 | Affected Software: 1

IBM Security Bulletins
added 2024/10/08 9:59 a.m. | 45 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

CVSS 9.1 | AI score 8.9 | EPSS 0.02606
Exploits: 2 | Affected Software: 1

Vulnrichment
added 2024/10/08 8:40 a.m. | 10 views

CVE-2024-41902

A vulnerability has been identified in JT2Go All versions V2406.0003. The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process...

CVSS 7.8 | AI score 7.7 | EPSS 0.00089
Exploits: 0 | References: 1

Cvelist
added 2024/10/08 8:40 a.m. | 9 views

CVE-2024-41902

A vulnerability has been identified in JT2Go All versions V2406.0003. The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process...

CVSS 7.8 | EPSS 0.00089
Exploits: 0 | References: 1

CVE
added 2024/10/08 8:40 a.m. | 41 views

CVE-2024-41902

Siemens JT2Go is affected by a stack-based buffer overflow in the PDF parsing path for all versions prior to V2406.0003. The vulnerability could allow code execution in the context of the current process. The issue is triggered when handling specially crafted PDF files and is described in CVE-202...

CVSS 7.8 | AI score 7.5 | EPSS 0.00089
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/10/08 12:0 a.m. | 11 views

FastStone Image Viewer <= 7.5 Multiple Vulnerabilities

The version of FastStone Image Viewer installed on the remote Windows host is prior to or equal to 7.5. It is, therefore, affected by multiple vulnerabilities: - Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow. CVE-2022-36947 - A user mo...

CVSS 9.8 | AI score 8.5 | EPSS 0.00978
Exploits: 1 | References: 8

Tenable Nessus
added 2024/10/08 12:0 a.m. | 26 views

Adobe Animate 23.x < 23.0.8 / 24.x < 24.0.5 Multiple Vulnerabilities (APSB24-76)

The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 23.0.8 or 24.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-76 advisory. - Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write...

CVSS 7.8 | AI score 6.5 | EPSS 0.00396
Exploits: 0 | References: 15

Tenable Nessus
added 2024/10/08 12:0 a.m. | 16 views

Adobe Animate 23.x < 23.0.8 / 24.x < 24.0.5 Multiple Vulnerabilities (APSB24-76)

The version of Adobe Animate installed on the remote Windows host is prior to 23.0.8 or 24.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-76 advisory. - Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that...

CVSS 7.8 | AI score 6.5 | EPSS 0.00396
Exploits: 0 | References: 15

ICS
added 2024/10/08 12:0 a.m. | 12 views

Siemens JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8 | AI score 7.7 | EPSS 0.00089
Exploits: 0 | References: 10

Vulnrichment
added 2024/10/07 12:58 p.m. | 19 views

CVE-2024-23374 Stack-based Buffer Overflow in Power Management IC

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file...

CVSS 6.7 | AI score 7.1 | EPSS 0.00061
Exploits: 0 | References: 1

Rosalinux
added 2024/10/03 9:16 p.m. | 16 views

Advisory ROSA-SA-2024-2492

Software: krb5 1.15.1 OS: rosa-server79 packageevrstring: krb5-1.15.1-55.res7 CVE-ID: CVE-2022-42898 BDU-ID: 2022-06933 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PAC Privileged Attribute Certificate parameters of the krb5parsepac function of the Heimdal and MIT Kerberos packets of the...

CVSS 8.8 | AI score 8.8 | EPSS 0.10832
Exploits: 1

NVD
added 2024/10/03 7:15 p.m. | 14 views

CVE-2024-41592

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...

CVSS 8 | EPSS 0.01875
Exploits: 1 | References: 2

NVD
added 2024/10/03 7:15 p.m. | 15 views

CVE-2024-41586

A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component...

CVSS 8 | EPSS 0.01083
Exploits: 0 | References: 2

Vulnrichment
added 2024/10/03 2:53 a.m. | 14 views

CVE-2024-47135

Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may...

CVSS 7.8 | AI score 7.6 | EPSS 0.00212
Exploits: 0 | References: 3

CVE
added 2024/10/03 12:0 a.m. | 86 views

CVE-2024-41592

CVE-2024-41592 affects DrayTek Vigor3910 devices up to 4.3.2.6. The issue is a stack-based overflow in the GetCGI function when processing query string parameters (extraneous ampersands and long key–value pairs). Exploitation could lead to arbitrary code execution or DoS as described in multiple ...

CVSS 8 | AI score 7 | EPSS 0.01875
Exploits: 1 | References: 2 | Affected Software: 1