Total
775 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28912 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28911 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28910 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28909 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28908 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28906 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28896 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-28572 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. | |||||
| CVE-2024-28231 | 2024-11-21 | N/A | 9.6 CRITICAL | ||
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue. | |||||
| CVE-2024-27374 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite. | |||||
| CVE-2024-27372 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite. | |||||
| CVE-2024-27341 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22927. | |||||
| CVE-2024-27340 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22926. | |||||
| CVE-2024-27243 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2024-27209 | 2024-11-21 | N/A | 8.4 HIGH | ||
| there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-26540 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze. | |||||
| CVE-2024-26327 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. | |||||
| CVE-2024-26256 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Libarchive Remote Code Execution Vulnerability | |||||
| CVE-2024-26239 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Windows Telephony Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-26229 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Windows CSC Service Elevation of Privilege Vulnerability | |||||