Total
1274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39480 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy() to insert the completed symbol into the command buffer. Unfortunately it passes the size of the source buffer rather than the destination to strncpy() with predictably horrible results. Most obviously if the command buffer is already full but cp, the cursor position, is in the middle of the buffer, then we will write past the end of the supplied buffer. Fix this by replacing the dubious strncpy() calls with memmove()/memcpy() calls plus explicit boundary checks to make sure we have enough space before we start moving characters around. | |||||
| CVE-2024-38509 | 2024-11-21 | N/A | 7.2 HIGH | ||
| A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. | |||||
| CVE-2024-38443 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements. | |||||
| CVE-2024-37997 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-37984 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.4 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37978 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2024-11-21 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37972 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37971 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37970 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37645 | 2024-11-21 | N/A | 8.8 HIGH | ||
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . | |||||
| CVE-2024-37643 | 2024-11-21 | N/A | 8.8 HIGH | ||
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . | |||||
| CVE-2024-37641 | 2024-11-21 | N/A | 8.8 HIGH | ||
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule | |||||
| CVE-2024-37635 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg | |||||
| CVE-2024-37029 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | N/A | 7.8 HIGH |
| Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2024-36600 | 2024-11-21 | N/A | 8.4 HIGH | ||
| Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. | |||||
| CVE-2024-36435 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC. | |||||
| CVE-2024-35388 | 2024-11-21 | N/A | 8.8 HIGH | ||
| TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode | |||||
| CVE-2024-35333 | 2024-11-21 | N/A | 8.4 HIGH | ||
| A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafted input to the vulnerable function, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption. | |||||
| CVE-2024-34773 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-34171 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | |||||