Vulnerabilities (CVE)

Filtered by CWE-787
Total 10958 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7532 1 Google 1 Chrome 2024-08-12 N/A 8.8 HIGH
Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2024-42395 2 Arubanetworks, Hp 2 Arubaos, Instantos 2024-08-12 N/A 9.8 CRITICAL
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-42394 2 Arubanetworks, Hp 2 Arubaos, Instantos 2024-08-12 N/A 9.8 CRITICAL
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-42393 2 Arubanetworks, Hp 2 Arubaos, Instantos 2024-08-12 N/A 9.8 CRITICAL
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-7519 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-08-12 N/A 9.6 CRITICAL
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-34623 1 Samsung 1 Notes 2024-08-09 N/A 7.8 HIGH
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
CVE-2024-34622 1 Samsung 1 Notes 2024-08-09 N/A 7.8 HIGH
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
CVE-2024-40723 1 Changingtec 1 Hwatai Servisign 2024-08-09 N/A 4.3 MEDIUM
The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service.
CVE-2024-40722 1 Changingtec 1 Tcb Servisign 2024-08-09 N/A 4.3 MEDIUM
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service.
CVE-2024-7582 1 Tenda 2 I22, I22 Firmware 2024-08-08 9.0 HIGH 9.8 CRITICAL
A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7583 1 Tenda 2 I22, I22 Firmware 2024-08-08 9.0 HIGH 9.8 CRITICAL
A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42236 1 Linux 1 Linux Kernel 2024-08-08 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short.
CVE-2024-6994 1 Google 1 Chrome 2024-08-07 N/A 8.8 HIGH
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-7581 1 Tendacn 2 A301, A301 Firmware 2024-08-07 9.0 HIGH 9.8 CRITICAL
A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-25948 1 Dell 1 Emc Idrac Service Module 2024-08-02 N/A 4.4 MEDIUM
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
CVE-2024-25947 1 Dell 1 Emc Idrac Service Module 2024-08-02 N/A 4.4 MEDIUM
Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
CVE-2024-38489 1 Dell 1 Emc Idrac Service Module 2024-08-02 N/A 4.4 MEDIUM
Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.
CVE-2024-38490 1 Dell 1 Emc Idrac Service Module 2024-08-02 N/A 4.4 MEDIUM
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.