Skip to main content
CVE-2024-41631 HIGH This Week

Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41726 HIGH This Week

Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Microsoft Skysea Client View
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42093 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Linux Kernel
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-40821 HIGH This Week

An access issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40799 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40814 HIGH This Week

A downgrade issue was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40787 HIGH This Week

This issue was addressed by adding an additional prompt for user consent. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40805 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-40774 HIGH This Week

A downgrade issue was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS Iphone Os Ipados +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-42094 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-41059 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-41091 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-41090 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-41014 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-41013 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-41057 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test:. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Code Injection Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2024-41049 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2024-41040 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2024-32671 MEDIUM This Month

Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Samsung Escargot
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-27878 MEDIUM This Month

A buffer overflow issue was addressed with improved memory handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow macOS
NVD VulDB
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-40789 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Ipados +5
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-40782 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Use After Free Memory Corruption Safari +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41624 MEDIUM This Month

Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-40785 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Iphone Os Ipados Safari +4
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-40817 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27877 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-41640 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-27823 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-40777 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-40836 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40804 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40780 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Iphone Os Ipados +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27886 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27872 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40811 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40835 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-42079 MEDIUM PATCH This Month

This is a null pointer dereference vulnerability in the Linux kernel's GFS2 (Global File System 2) subsystem that occurs during the log flush operation when a race condition exists between glock work and filesystem unmount. An unprivileged local attacker can trigger this vulnerability to cause a kernel panic and denial of service by timing glock operations to race with unmount, exploiting the fact that sdp->sd_jdesc is dereferenced without null checks. The vulnerability has patches available from the Linux kernel development team across multiple stable branches, and while the EPSS score is very low (0.05%), the impact is a complete system availability disruption through kernel crash.

Linux Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40806 MEDIUM This Month

An out-of-bounds read issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40833 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40823 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27809 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27871 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27887 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40807 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40779 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Iphone Os Ipados +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40816 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40788 MEDIUM This Month

A type confusion issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Memory Corruption Information Disclosure Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40827 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40800 MEDIUM This Month

An input validation issue was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40775 MEDIUM This Month

A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy