Total
2429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28576 | 2024-08-05 | N/A | 5.5 MEDIUM | ||
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format. | |||||
| CVE-2024-28569 | 2024-08-05 | N/A | 7.8 HIGH | ||
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format. | |||||
| CVE-2024-28583 | 2024-08-05 | N/A | 7.8 HIGH | ||
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format. | |||||
| CVE-2023-52729 | 2024-08-05 | N/A | 7.5 HIGH | ||
| TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer overflow when trying to add '\0' to the end of long msg data. It can be exploited via crafted TCP packets. | |||||
| CVE-2024-25139 | 2024-08-05 | N/A | 10.0 CRITICAL | ||
| In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119. | |||||
| CVE-2020-28759 | 1 Tengine Project | 1 Tengine | 2024-08-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far. | |||||
| CVE-2020-25756 | 1 Cesanta | 1 Mongoose | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice. | |||||
| CVE-2020-21469 | 1 Postgresql | 1 Postgresql | 2024-08-04 | N/A | 4.4 MEDIUM |
| An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account). | |||||
| CVE-2021-41496 | 1 Numpy | 1 Numpy | 2024-08-04 | 2.1 LOW | 5.5 MEDIUM |
| Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally) | |||||
| CVE-2021-33430 | 1 Numpy | 1 Numpy | 2024-08-04 | 3.5 LOW | 5.3 MEDIUM |
| A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user | |||||
| CVE-2021-33226 | 1 Saltstack | 1 Salt | 2024-08-04 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input | |||||
| CVE-2021-3182 | 1 Dlink | 2 Dcs-5220, Dcs-5220 Firmware | 2024-08-03 | 7.7 HIGH | 8.0 HIGH |
| D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2022-43752 | 2 Common Desktop Environment Project, Oracle | 2 Common Desktop Environment, Solaris | 2024-08-03 | N/A | 7.8 HIGH |
| Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon. | |||||
| CVE-2022-24702 | 1 Winaprs | 1 Winaprs | 2024-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2022-24701 | 1 Winaprs | 1 Winaprs | 2024-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2022-24700 | 1 Winaprs | 1 Winaprs | 2024-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-29243 | 2024-08-02 | N/A | 9.8 CRITICAL | ||
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. | |||||
| CVE-2023-43314 | 1 Zyxel | 2 Pmg2005-t20b, Pmg2005-t20b Firmware | 2024-08-02 | N/A | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid. | |||||
| CVE-2024-29506 | 1 Artifex | 1 Ghostscript | 2024-08-02 | N/A | 8.8 HIGH |
| Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. | |||||
| CVE-2023-39668 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
| D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. | |||||