Total
11282 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39840 | 2024-08-02 | 8.8 High | ||
| Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. | ||||
| CVE-2024-38533 | 1 Matter-labs | 1 Era-compiler-vyper | 2024-08-02 | 6.5 Medium |
| ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0. | ||||
| CVE-2024-37894 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2024-08-02 | 6.3 Medium |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. | ||||
| CVE-2024-37676 | 1 Htop | 1 Htop | 2024-08-02 | 8.4 High |
| An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. | ||||
| CVE-2024-36999 | 2024-08-02 | 7.0 High | ||
| A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-36501 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 5.6 Medium |
| Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. | ||||
| CVE-2024-36114 | 2024-08-02 | 8.6 High | ||
| Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue. | ||||
| CVE-2024-34364 | 1 Envoyproxy | 1 Envoy | 2024-08-02 | 5.7 Medium |
| Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer. | ||||
| CVE-2024-34115 | 1 Adobe | 1 Substance 3d Stager | 2024-08-02 | 7.8 High |
| Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-34086 | 2024-08-02 | 7.8 High | ||
| A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-33764 | 1 Sammycage | 1 Lunasvg | 2024-08-02 | 5.5 Medium |
| lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h. | ||||
| CVE-2024-33180 | 2 Tenda, Tendacn | 3 Ac18, Ac18, Ac18 Firmware | 2024-08-02 | 9.8 Critical |
| Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. | ||||
| CVE-2024-33182 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2024-08-02 | 8.3 High |
| Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. | ||||
| CVE-2024-32855 | 2024-08-02 | 3.8 Low | ||
| Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | ||||
| CVE-2024-32905 | 1 Google | 1 Android | 2024-08-02 | 9.8 Critical |
| In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-32909 | 1 Google | 2 Android, Pixel | 2024-08-02 | 8.1 High |
| In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-32760 | 2024-08-02 | 6.5 Medium | ||
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | ||||
| CVE-2024-32672 | 2024-08-02 | 5.3 Medium | ||
| A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0. | ||||
| CVE-2024-32639 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-08-02 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22974) | ||||
| CVE-2024-32669 | 1 Samsung Open Source | 1 Escargot | 2024-08-02 | 5.3 Medium |
| Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0. | ||||