Total: 3282 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48426 | 1 Assimp | 1 Assimp | 2024-10-29 | 6.2 Medium |
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971). | ||||
CVE-2024-48425 | 1 Assimp | 1 Assimp | 2024-10-28 | 5.5 Medium |
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference. | ||||
CVE-2024-48424 | 1 Assimp | 1 Assimp | 2024-10-28 | 5.5 Medium |
A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. | ||||
CVE-2024-46478 | 1 Htmldoc Project | 1 Htmldoc | 2024-10-25 | 9.8 Critical |
HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681. | ||||
CVE-2024-44331 | 1 Gstreamer Project | 1 Gst-rtsp-server | 2024-10-23 | 7.5 High |
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. | ||||
CVE-2024-40494 | 1 Keithcullen | 1 Freecoap | 2024-10-23 | 9.8 Critical |
Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. | ||||
CVE-2024-40086 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. | ||||
CVE-2024-40085 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. | ||||
CVE-2024-40084 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. | ||||
CVE-2024-40083 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
A Buffer Overflow vulnerability in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. | ||||
CVE-2024-31007 | 1 Irfanview | 1 Irfanview | 2024-10-23 | 5.5 Medium |
Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll. | ||||
CVE-2024-46292 | 1 Modsecurity | 1 Modsecurity | 2024-10-21 | 7.5 High |
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue). | ||||
CVE-2024-33453 | 1 Espressif | 1 Esp-idf | 2024-10-18 | 8.1 High |
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component. | ||||
CVE-2024-21274 | 1 Oracle | 1 Weblogic Server | 2024-10-18 | 7.5 High |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
CVE-2024-23375 | 1 Qualcomm | 28 Sa4150p, Sa4150p Firmware, Sa4155p and 25 more | 2024-10-16 | 6.7 Medium |
Memory corruption during the network scan request. | ||||
CVE-2024-23378 | 1 Qualcomm | 36 Qam8255p, Qam8255p Firmware, Qam8650p and 33 more | 2024-10-16 | 6.7 Medium |
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. | ||||
CVE-2024-48714 | 1 Tp-link | 1 Tl-wdr7660 Firmware | 2024-10-16 | 6.5 Medium |
In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
CVE-2024-48713 | 1 Tp-link | 1 Tl-wdr7660 Firmware | 2024-10-16 | 6.5 Medium |
In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
CVE-2024-48712 | 1 Tp-link | 1 Tl-wdr7660 Firmware | 2024-10-16 | 6.5 Medium |
In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
CVE-2024-48710 | 1 Tp-link | 1 Tl-wdr7660 Firmware | 2024-10-16 | 6.5 Medium |
In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. |