Vulnerabilities (CVE)

Filtered by CWE-787
Total 9523 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4692 2 Gnu, Redhat 2 Grub2, Enterprise Linux 2024-04-23 N/A 7.8 HIGH
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
CVE-2024-32039 2024-04-22 N/A 9.8 CRITICAL
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
CVE-2023-26597 1 Honeywell 2 C300, C300 Firmware 2024-04-22 N/A 7.5 HIGH
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-25078 1 Honeywell 4 Direct Station, Engineering Station, Experion Server and 1 more 2024-04-22 N/A 7.5 HIGH
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.  See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-24480 1 Honeywell 2 C300, C300 Firmware 2024-04-22 N/A 7.5 HIGH
Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-23585 1 Honeywell 4 Direct Station, Engineering Station, Experion Server and 1 more 2024-04-22 N/A 7.5 HIGH
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.  See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2024-2961 2024-04-20 N/A N/A
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
CVE-2023-23456 2 Fedoraproject, Upx Project 2 Fedora, Upx 2024-04-19 N/A 5.5 MEDIUM
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
CVE-2023-0330 2 Debian, Qemu 2 Debian Linux, Qemu 2024-04-19 N/A 6.0 MEDIUM
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.
CVE-2023-40548 2 Fedoraproject, Redhat 2 Fedora, Shim 2024-04-18 N/A 7.4 HIGH
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
CVE-2023-40547 1 Redhat 2 Enterprise Linux, Shim 2024-04-18 N/A 8.3 HIGH
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
CVE-2023-5406 2024-04-17 N/A 5.9 MEDIUM
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-5405 2024-04-17 N/A 5.9 MEDIUM
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2024-3900 2024-04-17 N/A 2.9 LOW
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
CVE-2021-26419 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-04-16 7.6 HIGH 7.5 HIGH
Scripting Engine Memory Corruption Vulnerability
CVE-2023-33074 1 Qualcomm 120 Qam8255p, Qam8255p Firmware, Qam8295p and 117 more 2024-04-12 N/A 7.8 HIGH
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
CVE-2023-33059 1 Qualcomm 518 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 515 more 2024-04-12 N/A 7.8 HIGH
Memory corruption in Audio while processing the VOC packet data from ADSP.
CVE-2023-33055 1 Qualcomm 304 Apq5053-aa, Apq5053-aa Firmware, Aqt1000 and 301 more 2024-04-12 N/A 7.8 HIGH
Memory Corruption in Audio while invoking callback function in driver from ADSP.
CVE-2023-33045 1 Qualcomm 258 Ar8035, Ar8035 Firmware, Csr8811 and 255 more 2024-04-12 N/A 9.8 CRITICAL
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
CVE-2023-33034 1 Qualcomm 128 Apq5053-aa, Apq5053-aa Firmware, Csra6620 and 125 more 2024-04-12 N/A 7.8 HIGH
Memory corruption while parsing the ADSP response command.