Total
9526 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4141 | 2024-04-24 | N/A | 2.9 LOW | ||
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. | |||||
CVE-2024-21979 | 2024-04-24 | N/A | 5.3 MEDIUM | ||
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. | |||||
CVE-2024-21972 | 2024-04-24 | N/A | 5.3 MEDIUM | ||
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. | |||||
CVE-2024-32039 | 2024-04-23 | N/A | 9.8 CRITICAL | ||
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). | |||||
CVE-2023-4692 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2024-04-23 | N/A | 7.8 HIGH |
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. | |||||
CVE-2023-26597 | 1 Honeywell | 2 C300, C300 Firmware | 2024-04-22 | N/A | 7.5 HIGH |
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
CVE-2023-25078 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-04-22 | N/A | 7.5 HIGH |
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
CVE-2023-24480 | 1 Honeywell | 2 C300, C300 Firmware | 2024-04-22 | N/A | 7.5 HIGH |
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
CVE-2023-23585 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-04-22 | N/A | 7.5 HIGH |
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
CVE-2024-2961 | 2024-04-20 | N/A | N/A | ||
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. | |||||
CVE-2023-23456 | 2 Fedoraproject, Upx Project | 2 Fedora, Upx | 2024-04-19 | N/A | 5.5 MEDIUM |
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. | |||||
CVE-2023-0330 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-04-19 | N/A | 6.0 MEDIUM |
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | |||||
CVE-2023-40548 | 2 Fedoraproject, Redhat | 2 Fedora, Shim | 2024-04-18 | N/A | 7.4 HIGH |
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. | |||||
CVE-2023-40547 | 1 Redhat | 2 Enterprise Linux, Shim | 2024-04-18 | N/A | 8.3 HIGH |
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. | |||||
CVE-2023-5406 | 2024-04-17 | N/A | 5.9 MEDIUM | ||
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
CVE-2023-5405 | 2024-04-17 | N/A | 5.9 MEDIUM | ||
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
CVE-2024-3900 | 2024-04-17 | N/A | 2.9 LOW | ||
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText. | |||||
CVE-2021-26419 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2024-04-16 | 7.6 HIGH | 7.5 HIGH |
Scripting Engine Memory Corruption Vulnerability | |||||
CVE-2023-33074 | 1 Qualcomm | 120 Qam8255p, Qam8255p Firmware, Qam8295p and 117 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in Audio when SSR event is triggered after music playback is stopped. | |||||
CVE-2023-33059 | 1 Qualcomm | 518 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 515 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in Audio while processing the VOC packet data from ADSP. |