Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24345 | 1 Jerryscript | 1 Jerryscript | 2024-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option | |||||
| CVE-2020-23904 | 1 Xiph | 1 Speex | 2024-05-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program. | |||||
| CVE-2019-9719 | 1 Libav | 1 Libav | 2024-05-17 | 6.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided | |||||
| CVE-2019-25042 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25035 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2018-5282 | 1 Kentico | 1 Kentico Cms | 2024-05-17 | 7.2 HIGH | 7.8 HIGH |
| Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework | |||||
| CVE-2018-14496 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance | |||||
| CVE-2018-11556 | 1 Littlecms | 1 Little Cms | 2024-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.” | |||||
| CVE-2016-20009 | 2 Siemens, Windriver | 15 Sgt-100, Sgt-100 Firmware, Sgt-200 and 12 more | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2023-25952 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-05-16 | N/A | 5.5 MEDIUM |
| Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-30051 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-05-16 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2024-30296 | 2024-05-16 | N/A | 7.8 HIGH | ||
| Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-30292 | 2024-05-16 | N/A | 7.8 HIGH | ||
| Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-30307 | 2024-05-16 | N/A | 7.8 HIGH | ||
| Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-30274 | 2024-05-16 | N/A | 7.8 HIGH | ||
| Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-30282 | 2024-05-16 | N/A | 7.8 HIGH | ||
| Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-4976 | 2024-05-16 | N/A | N/A | ||
| Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference. | |||||
| CVE-2024-30291 | 2024-05-16 | N/A | 7.8 HIGH | ||
| Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-30297 | 2024-05-16 | N/A | 7.8 HIGH | ||
| Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-30290 | 2024-05-16 | N/A | 7.8 HIGH | ||
| Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||