Total
2175 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7272 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-13 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-7055 | 2024-08-08 | 6.3 Medium | ||
| A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | ||||
| CVE-2024-6994 | 1 Google | 1 Chrome | 2024-08-07 | 8.8 High |
| Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-6873 | 2024-08-02 | 8.1 High | ||
| It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited. Fixes have been merged to all currently supported version of ClickHouse. If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit https://github.com/ClickHouse/ClickHouse/pull/64024 . | ||||
| CVE-2024-3205 | 2024-05-27 | 0.0 Low | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue. | ||||
| CVE-2023-20577 | 2024-02-13 | 7.4 High | ||
| A vulnerability was found in AMD hardware due to a heap overflow in the SMM module. This issue could allow a local unauthenticated attacker to enable writing to SPI flash to execute arbitrary code. | ||||
| CVE-2023-5129 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2023-11-07 | 0.0 Low |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863. | ||||
| CVE-2020-24979 | 2023-11-07 | 5.5 Medium | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | ||||
| CVE-2019-20509 | 2023-11-07 | 6.5 Medium | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it only affected a development version. Notes: none | ||||
| CVE-2018-11125 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | ||||
| CVE-2016-8881 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4517. Reason: This candidate is a duplicate of CVE-2011-4517. Notes: All CVE users should reference CVE-2011-4517 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
| CVE-2016-8880 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
| CVE-2016-5875 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
| CVE-2009-1563 | 1 Redhat | 1 Enterprise Linux | 2023-11-07 | N/A |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
| CVE-2019-15690 | 1 Redhat | 2 Enterprise Linux, Rhel E4s | 2019-12-20 | 9.8 Critical |
| A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||