Total: 11285 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-9602 | 1 Google | 1 Chrome | 2024-10-10 | 8.8 High |
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-1529 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-10-09 | 9.8 Critical |
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) | ||||
CVE-2023-37557 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Iot2000 Sl and 13 more | 2024-10-09 | 6.5 Medium |
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition. | ||||
CVE-2024-22419 | 1 Vyperlang | 1 Vyper | 2024-10-09 | 7.3 High |
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in 0.4.0. | ||||
CVE-2023-30699 | 1 Samsung | 1 Android | 2024-10-09 | 7.5 High |
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers. | ||||
CVE-2023-36532 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2024-10-09 | 5.9 Medium |
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. | ||||
CVE-2023-30187 | 1 Onlyoffice | 1 Document Server | 2024-10-09 | 9.8 Critical |
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. | ||||
CVE-2023-39827 | 1 Tenda | 2 A18, A18 Firmware | 2024-10-09 | 7.5 High |
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function. | ||||
CVE-2023-40294 | 1 0branch | 1 Boron | 2024-10-09 | 6.5 Medium |
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c. | ||||
CVE-2023-49355 | 1 Jqlang | 1 Jq | 2024-10-09 | 7.5 High |
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation. | ||||
CVE-2023-21273 | 1 Google | 1 Android | 2024-10-09 | 8.8 High |
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-39828 | 1 Tenda | 2 A18, A18 Firmware | 2024-10-09 | 7.5 High |
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. | ||||
CVE-2023-39829 | 1 Tenda | 2 A18, A18 Firmware | 2024-10-09 | 7.5 High |
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWirelessRepeat function. | ||||
CVE-2023-40295 | 1 0branch | 1 Boron | 2024-10-09 | 8.8 High |
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c. | ||||
CVE-2023-40296 | 1 Eminfedar | 1 Async-sockets-cpp | 2024-10-09 | 7.5 High |
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets. | ||||
CVE-2023-40305 | 1 Gnu | 1 Indent | 2024-10-09 | 5.5 Medium |
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. | ||||
CVE-2023-21282 | 1 Google | 1 Android | 2024-10-09 | 8.8 High |
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2023-42903 | 1 Apple | 1 Macos | 2024-10-09 | 7.8 High |
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | ||||
CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-10-09 | 8.8 High |
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | ||||
CVE-2024-29061 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-10-09 | 7.8 High |
Secure Boot Security Feature Bypass Vulnerability |