Total
2497 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27833 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2024-11-21 | N/A | 8.8 HIGH |
| An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2024-27304 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size. | |||||
| CVE-2024-27101 | 2024-11-21 | N/A | 7.3 HIGH | ||
| SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2. | |||||
| CVE-2024-26884 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP_HASH type, which contains the same check, copied from the hashtab code. So apply the same fix to hashtab, by moving the overflow check to before the roundup. | |||||
| CVE-2024-26184 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-26171 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-25366 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component. | |||||
| CVE-2024-24857 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.6 MEDIUM |
| A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. | |||||
| CVE-2024-23775 | 1 Arm | 1 Mbed Tls | 2024-11-21 | N/A | 7.5 HIGH |
| Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). | |||||
| CVE-2024-23695 | 2024-11-21 | N/A | 8.4 HIGH | ||
| In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-23605 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-23531 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory. | |||||
| CVE-2024-23496 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-23372 | 1 Qualcomm | 222 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 219 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size. | |||||
| CVE-2024-23307 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.4 MEDIUM |
| Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. | |||||
| CVE-2024-22862 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A | 9.8 CRITICAL |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | |||||
| CVE-2024-22861 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A | 7.5 HIGH |
| Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | |||||
| CVE-2024-22860 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A | 9.8 CRITICAL |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | |||||
| CVE-2024-22396 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | |||||
| CVE-2024-22211 | 1 Freerdp | 1 Freerdp | 2024-11-21 | N/A | 3.7 LOW |
| FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability. | |||||