Total
2073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22532 | 2024-08-01 | 6.5 Medium | ||
| Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. | ||||
| CVE-2024-22453 | 2024-08-01 | 7.2 High | ||
| Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory. | ||||
| CVE-2024-22211 | 2 Freerdp, Redhat | 2 Freerdp, Enterprise Linux | 2024-08-01 | 3.7 Low |
| FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability. | ||||
| CVE-2024-21778 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-08-01 | 7.2 High |
| A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability. | ||||
| CVE-2024-21795 | 2024-08-01 | 9.8 Critical | ||
| A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-21594 | 1 Juniper | 1 Junos | 2024-08-01 | 5.5 Medium |
| A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. | ||||
| CVE-2024-21330 | 1 Microsoft | 10 Azure Automation, Azure Automation Update Management, Azure Hdinsights and 7 more | 2024-08-01 | 7.8 High |
| Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | ||||
| CVE-2024-20745 | 2024-08-01 | 7.8 High | ||
| Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20755 | 2024-08-01 | 7.8 High | ||
| Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-5493 | 2024-08-01 | 7.5 High | ||
| Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-5228 | 2024-08-01 | N/A | ||
| TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383. | ||||
| CVE-2024-5160 | 1 Google | 1 Chrome | 2024-08-01 | 8.8 High |
| Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-4559 | 2024-08-01 | 7.5 High | ||
| Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-2824 | 2024-08-01 | 6.3 Medium | ||
| A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711. | ||||
| CVE-2024-3758 | 2024-08-01 | 6.5 Medium | ||
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. | ||||
| CVE-2024-3204 | 2024-08-01 | 7.3 High | ||
| A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051. | ||||
| CVE-2024-3209 | 2024-08-01 | 5.5 Medium | ||
| A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3203 | 2024-08-01 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-3024 | 2024-08-01 | 5.3 Medium | ||
| A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2212 | 2024-08-01 | 7.3 High | ||
| In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. | ||||