Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39880 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | 7.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2024-39840 | 2024-11-21 | 8.8 High | ||
| Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. | ||||
| CVE-2024-39430 | 2 Google, Unisoc | 10 Android, Sc7731e, Sc9832e and 7 more | 2024-11-21 | 5.1 Medium |
| In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2024-39429 | 2 Google, Unisoc | 10 Android, Sc7731e, Sc9832e and 7 more | 2024-11-21 | 5.1 Medium |
| In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2024-39428 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 6.8 Medium |
| In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2024-39427 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.1 Medium |
| In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2024-38533 | 1 Matter-labs | 1 Era-compiler-vyper | 2024-11-21 | 6.5 Medium |
| ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0. | ||||
| CVE-2024-38439 | 1 Netatalk | 1 Netatalk | 2024-11-21 | 9.8 Critical |
| Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions. | ||||
| CVE-2024-37676 | 1 Htop | 1 Htop | 2024-11-21 | 8.4 High |
| An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. | ||||
| CVE-2024-37280 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.9 Medium |
| A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature. | ||||
| CVE-2024-37185 | 1 Openatom | 1 Openharmony | 2024-11-21 | 8.2 High |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-37077 | 1 Openatom | 1 Openharmony | 2024-11-21 | 8.2 High |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-37036 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-11-21 | 9.8 Critical |
| CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. | ||||
| CVE-2024-37022 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. | ||||
| CVE-2024-36501 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.6 Medium |
| Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. | ||||
| CVE-2024-36260 | 1 Openatom | 1 Openharmony | 2024-11-21 | 8.2 High |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-36243 | 1 Openatom | 1 Openharmony | 2024-11-21 | 8.2 High |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. | ||||
| CVE-2024-36114 | 2024-11-21 | 8.6 High | ||
| Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue. | ||||
| CVE-2024-34364 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.7 Medium |
| Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer. | ||||
| CVE-2024-34115 | 1 Adobe | 1 Substance 3d Stager | 2024-11-21 | 7.8 High |
| Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||