Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6102 | 1 Google | 1 Chrome | 2024-07-03 | N/A | 8.8 HIGH |
| Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-5844 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-07-03 | N/A | 8.8 HIGH |
| Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-5835 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-07-03 | N/A | 8.8 HIGH |
| Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-5499 | 2024-07-03 | N/A | 8.8 HIGH | ||
| Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-4761 | 1 Google | 1 Chrome | 2024-07-03 | N/A | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-39840 | 2024-07-03 | N/A | 8.8 HIGH | ||
| Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. | |||||
| CVE-2024-36999 | 2024-07-03 | N/A | 7.0 HIGH | ||
| A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-29740 | 2024-07-03 | N/A | 7.4 HIGH | ||
| In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-29218 | 2024-07-03 | N/A | 8.8 HIGH | ||
| Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. | |||||
| CVE-2024-27831 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-07-03 | N/A | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2024-27815 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-07-03 | N/A | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2024-27374 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-07-03 | N/A | 7.8 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite. | |||||
| CVE-2024-27050 | 2024-07-03 | N/A | 5.5 MEDIUM | ||
| In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields unconditionally, which means that programs compiled against an older version of libbpf (with a smaller size of the bpf_xdp_query_opts struct) will have its stack corrupted by libbpf writing out of bounds. The patch adding the feature_flags field has an early bail out if the feature_flags field is not part of the opts struct (via the OPTS_HAS) macro, but the patch adding xdp_zc_max_segs does not. For consistency, this fix just changes the assignments to both fields to use the OPTS_SET() macro. | |||||
| CVE-2024-25423 | 2024-07-03 | N/A | 7.0 HIGH | ||
| An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file. | |||||
| CVE-2024-23225 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2024-07-03 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | |||||
| CVE-2024-23150 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23146 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23144 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23143 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-22053 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-07-03 | N/A | 8.2 HIGH |
| A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. | |||||