
CVSS: 3.7 | EPSS: 0% | CPEs: - | EXPL: 0

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html https://security.netapp.com/advisory/ntap-20240426-0004 https://www.oracle.com/security-alerts/cpuapr2024.html https://access.redhat.com/security/cve/CVE-2024-21068 https://bugzilla.redhat.com/show_bug.cgi?id=2275003 • CWE-787: Out-of-bounds Write •

CVSS: 6.1 | EPSS: 0% | CPEs: - | EXPL: 0

On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. ... The Mozilla Foundation Security Advisory describes this flaw as: On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874489 https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html https://www.mozilla.org/security/advisories/mfsa2024-18 https://www.mozilla.org/security/advisories/mfsa2024-19 https://www.mozilla.org/security/advisories/mfsa2024-20 https://access.redhat.com/security/cve/CVE-2024-3859 https://bugzilla.redhat.com/show_bug.cgi?id=2275552 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound

CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 1

In the Linux kernel, the following vulnerability has been resolved: "amdkfd: use calloc instead of kzalloc to avoid integer overflow". This uses calloc instead of doing the multiplication which might overflow. • https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751 https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0 https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91 https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7 https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a http •

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-26.html • CWE-190: Integer Overflow or Wraparound

CVSS: 8.8 | EPSS: 0% | CPEs: 15 | EXPL: 0

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933 • CWE-191: Integer Underflow (Wrap or Wraparound)