Total
3017 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30584 | 2024-08-02 | 9.8 Critical | ||
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | ||||
| CVE-2024-30635 | 2024-08-02 | 9.8 Critical | ||
| Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. | ||||
| CVE-2024-30259 | 2024-08-02 | 8.2 High | ||
| FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. | ||||
| CVE-2024-30164 | 2024-08-02 | 6.7 Medium | ||
| Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165. | ||||
| CVE-2024-30165 | 2024-08-02 | 7.1 High | ||
| Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164. | ||||
| CVE-2024-27908 | 2024-08-02 | 4.9 Medium | ||
| A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service. | ||||
| CVE-2024-27628 | 1 Offis | 1 Dcmtk | 2024-08-02 | 8.1 High |
| Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. | ||||
| CVE-2024-27572 | 1 Szlbt | 1 Lbt-t300-t390 Firmware | 2024-08-02 | 7.5 High |
| LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-27280 | 1 Redhat | 1 Enterprise Linux | 2024-08-02 | 9.8 Critical |
| A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | ||||
| CVE-2024-26327 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-02 | 5.3 Medium |
| An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. | ||||
| CVE-2024-25724 | 2024-08-01 | 7.3 High | ||
| In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file. | ||||
| CVE-2024-25395 | 2024-08-01 | 8.8 High | ||
| A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | ||||
| CVE-2024-25394 | 2024-08-01 | N/A | ||
| A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. | ||||
| CVE-2024-25115 | 2024-08-01 | 7 High | ||
| RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | ||||
| CVE-2024-25076 | 2024-08-01 | 6.8 Medium | ||
| An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code. | ||||
| CVE-2024-23615 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-08-01 | 10 Critical |
| A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | ||||
| CVE-2024-23613 | 1 Broadcom | 1 Symantec Deployment Solutions | 2024-08-01 | 10 Critical |
| A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | ||||
| CVE-2024-23621 | 1 Ibm | 1 Merge Efilm Workstation | 2024-08-01 | 10 Critical |
| A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | ||||
| CVE-2024-23368 | 1 Qualcomm | 686 Apq8064au, Apq8064au Firmware, Aqt1000 and 683 more | 2024-08-01 | 7.8 High |
| Memory corruption when allocating and accessing an entry in an SMEM partition. | ||||
| CVE-2024-23286 | 2024-08-01 | 9.8 Critical | ||
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution. | ||||