Total
2430 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34244 | 2024-07-03 | N/A | 7.5 HIGH | ||
| libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. | |||||
| CVE-2024-33874 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. | |||||
| CVE-2024-33820 | 2024-07-03 | N/A | 7.5 HIGH | ||
| Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow. | |||||
| CVE-2024-33783 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | |||||
| CVE-2024-33780 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | |||||
| CVE-2024-33454 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component. | |||||
| CVE-2024-33278 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. | |||||
| CVE-2024-33214 | 2024-07-03 | N/A | 7.5 HIGH | ||
| Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. | |||||
| CVE-2024-32228 | 2024-07-03 | N/A | 6.6 MEDIUM | ||
| FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | |||||
| CVE-2024-31963 | 2024-07-03 | N/A | 6.4 MEDIUM | ||
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A successful exploit could allow an attacker to gain access to sensitive information, modify system configuration or execute arbitrary commands within the context of the system. | |||||
| CVE-2024-31040 | 2024-07-03 | N/A | 2.7 LOW | ||
| Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. | |||||
| CVE-2024-30165 | 2024-07-03 | N/A | 7.1 HIGH | ||
| Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164. | |||||
| CVE-2024-30164 | 2024-07-03 | N/A | 6.7 MEDIUM | ||
| Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165. | |||||
| CVE-2024-27407 | 2024-07-03 | N/A | 8.4 HIGH | ||
| In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() | |||||
| CVE-2024-27280 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | |||||
| CVE-2024-26952 | 1 Linux | 1 Linux Kernel | 2024-07-03 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length. | |||||
| CVE-2024-26927 | 2024-07-03 | N/A | 8.4 HIGH | ||
| In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well. | |||||
| CVE-2024-25724 | 2024-07-03 | N/A | 7.3 HIGH | ||
| In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file. | |||||
| CVE-2024-25395 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | |||||
| CVE-2024-25394 | 2024-07-03 | N/A | N/A | ||
| A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. | |||||