Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22009 | 2024-11-21 | 7.1 High | ||
| In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-22005 | 2024-11-21 | 8.4 High | ||
| there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-21979 | 2024-11-21 | 5.3 Medium | ||
| An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. | ||||
| CVE-2024-21972 | 2024-11-21 | 5.3 Medium | ||
| An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. | ||||
| CVE-2024-21894 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | 9.8 Critical |
| A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code | ||||
| CVE-2024-21780 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2024-11-21 | 7.5 High |
| Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported. | ||||
| CVE-2024-21778 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | 7.2 High |
| A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability. | ||||
| CVE-2024-21596 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 5.3 Medium |
| A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO. | ||||
| CVE-2024-21594 | 1 Juniper | 1 Junos | 2024-11-21 | 5.5 Medium |
| A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. | ||||
| CVE-2024-21591 | 1 Juniper | 1 Junos | 2024-11-21 | 9.8 Critical |
| An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3. | ||||
| CVE-2024-21469 | 1 Qualcomm | 450 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 447 more | 2024-11-21 | 7.3 High |
| Memory corruption when an invoke call and a TEE call are bound for the same trusted application. | ||||
| CVE-2024-20901 | 1 Samsung | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory. | ||||
| CVE-2024-20893 | 1 Samsung | 1 Android | 2024-11-21 | 6.1 Medium |
| Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption. | ||||
| CVE-2024-20819 | 1 Samsung | 1 Android | 2024-11-21 | 6.6 Medium |
| Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | ||||
| CVE-2024-20818 | 1 Samsung | 1 Android | 2024-11-21 | 6.6 Medium |
| Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | ||||
| CVE-2024-20817 | 1 Samsung | 1 Android | 2024-11-21 | 6.6 Medium |
| Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | ||||
| CVE-2024-20813 | 1 Samsung | 1 Android | 2024-11-21 | 8.4 High |
| Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. | ||||
| CVE-2024-20812 | 1 Samsung | 1 Android | 2024-11-21 | 8.4 High |
| Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. | ||||
| CVE-2024-20785 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 7.8 High |
| InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20783 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 7.8 High |
| InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||