Total
2278 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46461 | 1 Videolan | 1 Vlc Media Player | 2024-09-26 | 8 High |
| VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. | ||||
| CVE-2024-6259 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-25 | 7.6 High |
| BT: HCI: adv_ext_report Improper discarding in adv_ext_report | ||||
| CVE-2024-8946 | 1 Micropython | 1 Micropython | 2024-09-24 | 7.3 High |
| A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read. | ||||
| CVE-2024-8948 | 1 Micropython | 1 Micropython | 2024-09-23 | 7.3 High |
| A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes. | ||||
| CVE-2024-32763 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-20 | 8.8 High |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | ||||
| CVE-2024-45679 | 1 Assimp | 1 Assimp | 2024-09-20 | 8.4 High |
| Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. | ||||
| CVE-2024-6258 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 6.8 Medium |
| BT: Missing length checks of net_buf in rfcomm_handle_data | ||||
| CVE-2024-6135 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 7.6 High |
| BT:Classic: Multiple missing buf length checks | ||||
| CVE-2024-40754 | 1 Samsung Open Source | 1 Escargot | 2024-09-18 | 9.8 Critical |
| Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0. | ||||
| CVE-2024-43756 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-09-18 | 7.8 High |
| Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-39380 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-09-13 | 7.8 High |
| After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-8636 | 1 Google | 1 Chrome | 2024-09-13 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-8193 | 1 Google | 1 Chrome | 2024-09-05 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-42437 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-09-04 | 6.5 Medium |
| Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | ||||
| CVE-2024-42436 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-09-04 | 6.5 Medium |
| Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | ||||
| CVE-2024-39825 | 1 Zoom | 6 Rooms, Vdi Windows Meeting Client, Workplace and 3 more | 2024-09-04 | 8.5 High |
| Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2024-42851 | 1 Aertherwide | 1 Exiftags | 2024-08-30 | 8.4 High |
| Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function. | ||||
| CVE-2024-7546 | 2 Ofono, Ofono Project | 2 Ofono, Ofono | 2024-08-29 | 7.8 High |
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23459. | ||||
| CVE-2024-42438 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-08-29 | 6.5 Medium |
| Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | ||||
| CVE-2024-7967 | 1 Google | 1 Chrome | 2024-08-27 | 8.8 High |
| Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||