Total
369 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21347 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-04-11 | N/A | 7.5 HIGH |
Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||
CVE-2024-21345 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-04-11 | N/A | 8.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2024-21341 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-04-11 | N/A | 6.8 MEDIUM |
Windows Kernel Remote Code Execution Vulnerability | |||||
CVE-2024-21337 | 1 Microsoft | 1 Edge Chromium | 2024-04-11 | N/A | 5.2 MEDIUM |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2024-21330 | 2024-04-11 | N/A | 7.8 HIGH | ||
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||||
CVE-2024-20697 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2024-04-11 | N/A | 7.3 HIGH |
Windows Libarchive Remote Code Execution Vulnerability | |||||
CVE-2024-20696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-04-11 | N/A | 7.3 HIGH |
Windows Libarchive Remote Code Execution Vulnerability | |||||
CVE-2024-20677 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-04-11 | N/A | 7.8 HIGH |
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update. | |||||
CVE-2024-3207 | 2024-04-11 | 5.2 MEDIUM | 5.5 MEDIUM | ||
A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-3205 | 2024-04-11 | 7.5 HIGH | 7.3 HIGH | ||
A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-3204 | 2024-04-11 | 7.5 HIGH | 7.3 HIGH | ||
A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051. | |||||
CVE-2024-3203 | 2024-04-11 | 7.5 HIGH | 7.3 HIGH | ||
A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability. | |||||
CVE-2024-3024 | 2024-04-11 | 4.3 MEDIUM | 5.3 MEDIUM | ||
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-2824 | 2024-04-11 | 7.5 HIGH | 6.3 MEDIUM | ||
A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711. | |||||
CVE-2023-7158 | 1 Micropython | 1 Micropython | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | |||||
CVE-2023-7104 | 2 Fedoraproject, Sqlite | 2 Fedora, Sqlite | 2024-04-11 | 5.2 MEDIUM | 7.3 HIGH |
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. | |||||
CVE-2023-5460 | 1 Deltaww | 1 Wplsoft | 2024-04-11 | 2.7 LOW | 5.7 MEDIUM |
A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-1570 | 1 Tinydng Project | 1 Tinydng | 2024-04-11 | 1.7 LOW | 5.5 MEDIUM |
A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB-223562 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1448 | 1 Gpac | 1 Gpac | 2024-04-11 | 4.3 MEDIUM | 7.8 HIGH |
A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability. | |||||
CVE-2023-1010 | 1 Vox2png Project | 1 Vox2png | 2024-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743. |