Total
12957 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4559 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 7.5 High |
| Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-40897 | 2 Gstreamer, Redhat | 6 Orc, Enterprise Linux, Rhel Aus and 3 more | 2025-02-13 | 7 High |
| Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. | ||||
| CVE-2024-32760 | 2 F5, Fedoraproject | 4 Nginx, Nginx Open Source, Nginx Plus and 1 more | 2025-02-13 | 6.5 Medium |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | ||||
| CVE-2024-32039 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-02-13 | 9.8 Critical |
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). | ||||
| CVE-2024-31079 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-02-13 | 4.8 Medium |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or causeĀ other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. | ||||
| CVE-2024-27836 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-02-13 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution. | ||||
| CVE-2024-27831 | 1 Apple | 6 Ipad Os, Ipados, Iphone Os and 3 more | 2025-02-13 | 7.5 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-27815 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-02-13 | 5.9 Medium |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-27802 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2025-02-13 | 7.8 High |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-24963 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e84` of v1.2.10.9 of the P3-550E firmware. | ||||
| CVE-2024-24962 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware. | ||||
| CVE-2024-24959 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6c18`. | ||||
| CVE-2024-24958 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6bdc`. | ||||
| CVE-2024-24957 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6aa4`. | ||||
| CVE-2024-24956 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6a38`. | ||||
| CVE-2024-24955 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69fc`. | ||||
| CVE-2024-24954 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69c8`. | ||||
| CVE-2024-24947 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 8.2 High |
| A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb68c4` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. | ||||
| CVE-2024-24946 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 8.2 High |
| A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb686c` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. | ||||
| CVE-2024-24851 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 7.5 High |
| A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability. | ||||