Total
2219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30004 | 2024-05-14 | N/A | 6.8 MEDIUM | ||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-30000 | 2024-05-14 | N/A | 6.8 MEDIUM | ||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-30021 | 2024-05-14 | N/A | 6.8 MEDIUM | ||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-30003 | 2024-05-14 | N/A | 6.8 MEDIUM | ||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-29999 | 2024-05-14 | N/A | 6.8 MEDIUM | ||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-30012 | 2024-05-14 | N/A | 6.8 MEDIUM | ||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-30001 | 2024-05-14 | N/A | 6.8 MEDIUM | ||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-29997 | 2024-05-14 | N/A | 6.8 MEDIUM | ||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-32655 | 2024-05-14 | N/A | 8.1 HIGH | ||
| Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3. | |||||
| CVE-2023-40548 | 2 Fedoraproject, Redhat | 2 Fedora, Shim | 2024-05-08 | N/A | 7.4 HIGH |
| A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. | |||||
| CVE-2024-3757 | 2024-05-07 | N/A | 3.3 LOW | ||
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. | |||||
| CVE-2023-43530 | 2024-05-06 | N/A | 5.9 MEDIUM | ||
| Memory corruption in HLOS while checking for the storage type. | |||||
| CVE-2023-40474 | 2024-05-03 | N/A | 8.8 HIGH | ||
| GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21660. | |||||
| CVE-2023-38103 | 2024-05-03 | N/A | 8.8 HIGH | ||
| GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21443. | |||||
| CVE-2023-38104 | 2024-05-03 | N/A | 8.8 HIGH | ||
| GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21444. | |||||
| CVE-2023-40475 | 2024-05-03 | N/A | 8.8 HIGH | ||
| GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21661. | |||||
| CVE-2023-37327 | 2024-05-03 | N/A | 7.6 HIGH | ||
| GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775. | |||||
| CVE-2023-41185 | 2024-05-03 | N/A | 8.6 HIGH | ||
| Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353. | |||||
| CVE-2023-44443 | 2024-05-03 | N/A | 7.8 HIGH | ||
| GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22096. | |||||
| CVE-2023-47212 | 2024-05-01 | N/A | 9.8 CRITICAL | ||
| A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||||