Total
3192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40659 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-48497 | 1 Huawei | 1 Emui | 2024-12-17 | N/A | 7.5 HIGH |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2022-48490 | 1 Huawei | 1 Emui | 2024-12-17 | N/A | 7.5 HIGH |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-29671 | 2024-12-17 | N/A | 9.8 CRITICAL | ||
| Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. | |||||
| CVE-2024-52063 | 2024-12-16 | N/A | 8.6 HIGH | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | |||||
| CVE-2024-49996 | 1 Linux | 1 Linux Kernel | 2024-12-14 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer at position after the end of the buffer because it does not subtract InodeType size from the length. Fix this problem and correctly subtract variable len. Member InodeType is present only when reparse buffer is large enough. Check for ReparseDataLength before accessing InodeType to prevent another invalid memory access. Major and minor rdev values are present also only when reparse buffer is large enough. Check for reparse buffer size before calling reparse_mkdev(). | |||||
| CVE-2024-6343 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-12-13 | N/A | 4.9 MEDIUM |
| A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
| CVE-2024-8079 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8078 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8076 | 1 Totolink | 2 T8, T8 Firmware | 2024-12-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-52066 | 2024-12-13 | N/A | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40. | |||||
| CVE-2024-52065 | 2024-12-13 | N/A | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41. | |||||
| CVE-2024-52064 | 2024-12-13 | N/A | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | |||||
| CVE-2024-52062 | 2024-12-13 | N/A | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | |||||
| CVE-2024-52061 | 2024-12-13 | N/A | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | |||||
| CVE-2024-52060 | 2024-12-13 | N/A | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45. | |||||
| CVE-2024-52059 | 2024-12-13 | N/A | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17. | |||||
| CVE-2024-54105 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 5.1 MEDIUM |
| Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-44157 | 1 Apple | 2 Apple Tv, Itunes | 2024-12-12 | N/A | 5.5 MEDIUM |
| A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination. | |||||
| CVE-2022-29974 | 2024-12-12 | N/A | 4.3 MEDIUM | ||
| AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices. | |||||