Total
10861 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20017 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132. | |||||
| CVE-2024-20016 | 2 Google, Mediatek | 35 Android, Mt6735, Mt6737 and 32 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901. | |||||
| CVE-2024-20013 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. | |||||
| CVE-2024-20009 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2024-11-21 | N/A | 8.8 HIGH |
| In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150. | |||||
| CVE-2024-20007 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2024-11-21 | N/A | 7.5 HIGH |
| In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369. | |||||
| CVE-2024-20006 | 4 Google, Mediatek, Openwrt and 1 more | 8 Android, Mt2713, Mt6781 and 5 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148. | |||||
| CVE-2024-20002 | 2 Google, Mediatek | 59 Android, Mt5583, Mt5586 and 56 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. | |||||
| CVE-2024-20001 | 2 Google, Mediatek | 59 Android, Mt5583, Mt5586 and 56 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601. | |||||
| CVE-2024-1913 | 2024-11-21 | N/A | 7.6 HIGH | ||
| An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 < 7.14 | |||||
| CVE-2024-1848 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. | |||||
| CVE-2024-1847 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID. | |||||
| CVE-2024-1696 | 2024-11-21 | N/A | 7.8 HIGH | ||
| In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution. | |||||
| CVE-2024-1557 | 2024-11-21 | N/A | 8.1 HIGH | ||
| Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123. | |||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 9.8 CRITICAL |
| Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-1151 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. | |||||
| CVE-2024-1112 | 1 Angusj | 1 Resource Hacker | 2024-11-21 | N/A | 7.3 HIGH |
| Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument. | |||||
| CVE-2024-1000 | 1 Totolink | 2 N200re, N200re Firmware | 2024-11-21 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252269 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10573 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector. | |||||
| CVE-2024-0996 | 1 Tenda | 2 I9, I9 Firmware | 2024-11-21 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0995 | 1 Tenda | 2 W6, W6 Firmware | 2024-11-21 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||