Total
710 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-6352 | 2025-01-13 | N/A | 4.3 MEDIUM | ||
A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert | |||||
CVE-2024-6350 | 2025-01-08 | N/A | 6.5 MEDIUM | ||
A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically. | |||||
CVE-2022-48439 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 4.4 MEDIUM |
In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | |||||
CVE-2024-47864 | 2024-12-23 | N/A | 5.3 MEDIUM | ||
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down. | |||||
CVE-2024-32664 | 1 Oisf | 1 Suricata | 2024-12-19 | N/A | 5.3 MEDIUM |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false. | |||||
CVE-2020-6923 | 2024-12-19 | N/A | 5.7 MEDIUM | ||
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow. | |||||
CVE-2017-13308 | 1 Google | 1 Android | 2024-12-19 | N/A | 6.7 MEDIUM |
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2018-9386 | 1 Google | 1 Android | 2024-12-19 | N/A | 6.7 MEDIUM |
In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2018-9403 | 1 Google | 1 Android | 2024-12-19 | N/A | 6.7 MEDIUM |
In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-40659 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-31670 | 2024-12-13 | N/A | 6.3 MEDIUM | ||
rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. | |||||
CVE-2024-6343 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-12-13 | N/A | 4.9 MEDIUM |
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
CVE-2024-54105 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 5.1 MEDIUM |
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2024-44157 | 1 Apple | 2 Apple Tv, Itunes | 2024-12-12 | N/A | 5.5 MEDIUM |
A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination. | |||||
CVE-2022-29974 | 2024-12-12 | N/A | 4.3 MEDIUM | ||
AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices. | |||||
CVE-2024-46657 | 2024-12-11 | N/A | 5.5 MEDIUM | ||
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
CVE-2024-44160 | 1 Apple | 1 Macos | 2024-12-11 | N/A | 5.5 MEDIUM |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination. | |||||
CVE-2024-12354 | 1 Razormist | 1 Phone Contact Manager System | 2024-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-12343 | 1 Tp-link | 2 Vn020 F3v, Vn020 F3v Firmware | 2024-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-40536 | 2024-12-06 | N/A | 5.3 MEDIUM | ||
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin_3g_code parameter in the config_3g_para function. |