Total
12418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40897 | 1 Gstreamer | 1 Orc | 2024-11-21 | N/A | 6.7 MEDIUM |
| Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. | |||||
| CVE-2024-40764 | 1 Sonicwall | 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more | 2024-11-21 | N/A | 7.5 HIGH |
| Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). | |||||
| CVE-2024-40416 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||||
| CVE-2024-40415 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||||
| CVE-2024-40414 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||||
| CVE-2024-40130 | 1 Open5gs | 1 Open5gs | 2024-11-21 | N/A | 9.8 CRITICAL |
| open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c. | |||||
| CVE-2024-40129 | 1 Open5gs | 1 Open5gs | 2024-11-21 | N/A | 9.8 CRITICAL |
| Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c. | |||||
| CVE-2024-39927 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service (DoS) condition and/or user's data may be destroyed. | |||||
| CVE-2024-39883 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | N/A | 8.8 HIGH |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2024-39881 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | N/A | 8.8 HIGH |
| Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2024-39880 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | N/A | 7.8 HIGH |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2024-39840 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. | |||||
| CVE-2024-39430 | 2 Google, Unisoc | 10 Android, Sc7731e, Sc9832e and 7 more | 2024-11-21 | N/A | 5.1 MEDIUM |
| In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2024-39429 | 2 Google, Unisoc | 10 Android, Sc7731e, Sc9832e and 7 more | 2024-11-21 | N/A | 5.1 MEDIUM |
| In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2024-39428 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2024-39427 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.1 MEDIUM |
| In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2024-38533 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0. | |||||
| CVE-2024-38439 | 1 Netatalk | 1 Netatalk | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions. | |||||
| CVE-2024-38065 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-38060 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows Imaging Component Remote Code Execution Vulnerability | |||||