Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28219 | 2024-08-20 | N/A | 6.7 MEDIUM | ||
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | |||||
CVE-2024-24478 | 2024-08-02 | N/A | 7.5 HIGH | ||
An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. | |||||
CVE-2024-33078 | 2024-08-01 | N/A | 9.8 CRITICAL | ||
Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution. | |||||
CVE-2023-37536 | 3 Apache, Fedoraproject, Hcltech | 3 Xerces-c\+\+, Fedora, Bigfix Platform | 2024-08-01 | N/A | 8.8 HIGH |
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | |||||
CVE-2024-6381 | 2024-07-03 | N/A | 4.0 MEDIUM | ||
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2 | |||||
CVE-2024-2608 | 2024-07-03 | N/A | N/A | ||
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||||
CVE-2024-37305 | 2024-06-20 | N/A | 8.2 HIGH | ||
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue. | |||||
CVE-2023-21648 | 1 Qualcomm | 68 Aqt1000, Aqt1000 Firmware, Qca6391 and 65 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in RIL while trying to send apdu packet. | |||||
CVE-2023-21644 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Qca6390 and 99 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request. | |||||
CVE-2022-40530 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8031 and 375 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. | |||||
CVE-2022-33296 | 1 Qualcomm | 228 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 225 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. | |||||
CVE-2022-33282 | 1 Qualcomm | 40 Msm8996au, Msm8996au Firmware, Qam8295p and 37 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. | |||||
CVE-2022-33248 | 1 Qualcomm | 324 Apq8009, Apq8009 Firmware, Apq8009w and 321 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http. | |||||
CVE-2022-25705 | 1 Qualcomm | 402 Apq8009, Apq8009 Firmware, Apq8009w and 399 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response | |||||
CVE-2023-33022 | 1 Qualcomm | 424 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq5053-aa and 421 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in HLOS while invoking IOCTL calls from user-space. | |||||
CVE-2023-33018 | 1 Qualcomm | 526 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 523 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption while using the UIM diag command to get the operators name. | |||||
CVE-2023-28585 | 1 Qualcomm | 562 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 559 more | 2024-04-12 | N/A | 8.8 HIGH |
Memory corruption while loading an ELF segment in TEE Kernel. | |||||
CVE-2024-21470 | 2024-04-12 | N/A | 8.4 HIGH | ||
Memory corruption while allocating memory for graphics. | |||||
CVE-2024-21454 | 2024-04-12 | N/A | 7.5 HIGH | ||
Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics. | |||||
CVE-2022-24834 | 2 Fedoraproject, Redis | 2 Fedora, Redis | 2024-02-28 | N/A | 8.8 HIGH |
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. |