Total
6380 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-6443 | | | 2024-10-04 | N/A | 6.3 MEDIUM |
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | |||||
CVE-2024-41595 | | | 2024-10-04 | N/A | 8.0 HIGH |
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. | |||||
CVE-2023-38666 | 1 Axiosys | 1 Bento4 | 2024-10-03 | N/A | 5.5 MEDIUM |
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. | |||||
CVE-2024-6876 | 1 Codesys | 1 Oscat Basic Library | 2024-10-01 | N/A | 4.4 MEDIUM |
Out-of-Bounds read vulnerability in OSCAT Basic Library allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. | |||||
CVE-2024-39434 | 2 Google, Unisoc | 10 Android, S8000, T606 and 7 more | 2024-09-30 | N/A | 4.4 MEDIUM |
In drm service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | |||||
CVE-2023-51456 | | | 2024-09-30 | N/A | 6.8 MEDIUM |
An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | |||||
CVE-2023-39984 | 1 Hitachi | 1 Eh-view | 2024-09-27 | N/A | 7.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitrary code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-36981 | 1 Openplcproject | 1 Openplc V3 Firmware | 2024-09-26 | N/A | 7.5 HIGH |
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability. This is the final instance of the incorrect comparison. | |||||
CVE-2024-36980 | 1 Openplcproject | 1 Openplc V3 Firmware | 2024-09-26 | N/A | 7.5 HIGH |
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability. This is the first instance of the incorrect comparison. | |||||
CVE-2024-44161 | 1 Apple | 1 Macos | 2024-09-26 | N/A | 5.5 MEDIUM |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination. | |||||
CVE-2024-46731 | 1 Linux | 1 Linux Kernel | 2024-09-26 | N/A | 7.1 HIGH |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning. Using index i - 1U may be beyond the element index for mc_data[] when i = 0. | |||||
CVE-2023-6387 | 1 Silabs | 1 Gecko Software Development Kit | 2024-09-25 | N/A | 7.5 HIGH |
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution. | |||||
CVE-2023-51395 | | | 2024-09-25 | N/A | 8.8 HIGH |
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | |||||
CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2024-09-25 | N/A | 9.8 CRITICAL |
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | |||||
CVE-2023-4020 | 1 Silabs | 1 Gecko Software Development Kit | 2024-09-25 | N/A | 9.1 CRITICAL |
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | |||||
CVE-2023-3487 | 1 Silabs | 1 Gecko Bootloader | 2024-09-25 | N/A | 7.8 HIGH |
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | |||||
CVE-2023-3110 | 1 Silabs | 1 Unify Software Development Kit | 2024-09-25 | N/A | 8.8 HIGH |
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | |||||
CVE-2023-0972 | 1 Silabs | 1 Z/ip Gateway Sdk | 2024-09-25 | N/A | 8.8 HIGH |
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | |||||
CVE-2023-0970 | 1 Silabs | 1 Z/ip Gateway Sdk | 2024-09-25 | N/A | 6.8 MEDIUM |
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | |||||
CVE-2023-0969 | 1 Silabs | 1 Z/ip Gateway Sdk | 2024-09-25 | N/A | 3.5 LOW |
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. |