Total: 10333 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23121 | | | 2024-06-15 | N/A | N/A |
| A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23120 | | | 2024-06-15 | N/A | N/A |
| A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll and through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-0446 | | | 2024-06-14 | N/A | N/A |
| A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-36501 | | | 2024-06-14 | N/A | 5.6 MEDIUM |
| Memory management vulnerability in the boottime module. Impact: Successful exploitation of this vulnerability can affect integrity. | |||||
| CVE-2024-0090 | | | 2024-06-13 | N/A | 7.8 HIGH |
| NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2024-28970 | | | 2024-06-13 | N/A | 4.7 MEDIUM |
| Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | |||||
| CVE-2024-37036 | | | 2024-06-13 | N/A | 9.8 CRITICAL |
| CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. | |||||
| CVE-2024-37022 | | | 2024-06-13 | N/A | 7.8 HIGH |
| Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. | |||||
| CVE-2024-34115 | | | 2024-06-13 | N/A | 7.8 HIGH |
| Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-32897 | 1 Apple | 1 Macos | 2024-06-12 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution. | |||||
| CVE-2024-23214 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-06-12 | N/A | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2023-42917 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-06-12 | N/A | 8.8 HIGH |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | |||||
| CVE-2024-34364 | 1 Envoyproxy | 1 Envoy | 2024-06-11 | N/A | 6.5 MEDIUM |
| Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer. | |||||
| CVE-2021-45955 | 1 Thekelleys | 1 Dnsmasq | 2024-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed. | |||||
| CVE-2023-38528 | 1 Siemens | 2 Parasolid, Teamcenter Visualization | 2024-06-11 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-33764 | 1 Sammycage | 1 Lunasvg | 2024-06-10 | N/A | 5.5 MEDIUM |
| lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h. | |||||
| CVE-2024-4761 | 1 Google | 1 Chrome | 2024-06-10 | N/A | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-32760 | | | 2024-06-10 | N/A | 6.5 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. | |||||
| CVE-2024-32039 | | | 2024-06-10 | N/A | 9.8 CRITICAL |
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). | |||||
| CVE-2024-2961 | | | 2024-06-10 | N/A | N/A |
| The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. | |||||
