Total
2385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6563 | 1 Rensas | 1 Arm-trusted-firmware | 2024-07-09 | N/A | 6.7 MEDIUM |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C . In line 313 "addr_loaded_cnt" is checked not to be "CHECK_IMAGE_AREA_CNT" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of "dst" will be written to the area immediately after the buffer, which is "addr_loaded_cnt". This will allow an attacker to freely control the value of "addr_loaded_cnt" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ("len") they desire. | |||||
| CVE-2024-6564 | 1 Rensas | 1 Arm-trusted-firmware | 2024-07-09 | N/A | 6.7 MEDIUM |
| Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot. | |||||
| CVE-2023-50821 | 2024-07-09 | N/A | 6.2 MEDIUM | ||
| A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. | |||||
| CVE-2024-39480 | 1 Linux | 1 Linux Kernel | 2024-07-08 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy() to insert the completed symbol into the command buffer. Unfortunately it passes the size of the source buffer rather than the destination to strncpy() with predictably horrible results. Most obviously if the command buffer is already full but cp, the cursor position, is in the middle of the buffer, then we will write past the end of the supplied buffer. Fix this by replacing the dubious strncpy() calls with memmove()/memcpy() calls plus explicit boundary checks to make sure we have enough space before we start moving characters around. | |||||
| CVE-2024-1755 | 2024-07-08 | N/A | 8.8 HIGH | ||
| The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | |||||
| CVE-2024-39134 | 2024-07-03 | N/A | 7.5 HIGH | ||
| A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. | |||||
| CVE-2024-38541 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). | |||||
| CVE-2024-38441 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions. | |||||
| CVE-2024-37637 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. | |||||
| CVE-2024-37017 | 2024-07-03 | N/A | 8.1 HIGH | ||
| asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so. | |||||
| CVE-2024-36760 | 2024-07-03 | N/A | 7.5 HIGH | ||
| A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.. engine.. Engine$GT$::eval_stmt::h3f1d68ce37fc6e96). Due to the stack overflow is a recursive call/SRC/rhai/SRC/eval/STMT. Rs file eval_stmt_block function. | |||||
| CVE-2024-36650 | 2024-07-03 | N/A | 7.5 HIGH | ||
| TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack. | |||||
| CVE-2024-35571 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. | |||||
| CVE-2024-35398 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules. | |||||
| CVE-2024-34945 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle. | |||||
| CVE-2024-34244 | 2024-07-03 | N/A | 7.5 HIGH | ||
| libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. | |||||
| CVE-2024-33874 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. | |||||
| CVE-2024-33820 | 2024-07-03 | N/A | 7.5 HIGH | ||
| Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow. | |||||
| CVE-2024-33783 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | |||||
| CVE-2024-33780 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | |||||