libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.
Max CVSS
9.8
EPSS Score
0.23%
Published
2024-02-06
Updated
2024-02-27
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.
Max CVSS
9.8
EPSS Score
0.07%
Published
2024-02-01
Updated
2024-02-09
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.
Max CVSS
9.6
EPSS Score
0.21%
Published
2024-01-26
Updated
2024-01-31
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
Max CVSS
10.0
EPSS Score
0.21%
Published
2024-01-26
Updated
2024-01-31
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
Max CVSS
10.0
EPSS Score
0.21%
Published
2024-01-26
Updated
2024-01-31
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
Max CVSS
10.0
EPSS Score
0.21%
Published
2024-01-26
Updated
2024-01-31
A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
Max CVSS
10.0
EPSS Score
0.18%
Published
2024-01-26
Updated
2024-01-31
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-05
Updated
2024-02-09
Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.
Max CVSS
9.8
EPSS Score
0.13%
Published
2024-01-31
Updated
2024-02-09
A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).
Max CVSS
9.8
EPSS Score
0.13%
Published
2024-02-02
Updated
2024-02-09
Memory Corruption in SIM management while USIMPhase2init
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-11-30
Updated
2023-12-05
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-27
Updated
2023-09-27
Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
Max CVSS
9.8
EPSS Score
0.08%
Published
2024-02-06
Updated
2024-02-08
The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.
Max CVSS
9.4
EPSS Score
0.06%
Published
2023-07-11
Updated
2023-08-14
A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Max CVSS
9.8
EPSS Score
0.12%
Published
2023-09-25
Updated
2023-09-26
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!