Vulnerabilities > Out-of-bounds Write
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-04 | CVE-2024-9482 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. | 5.5 |
| 2024-10-04 | CVE-2024-6444 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | 6.5 |
| 2024-10-04 | CVE-2024-6442 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. | 6.5 |
| 2024-10-04 | CVE-2024-6443 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01 In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | 6.5 |
| 2024-10-03 | CVE-2024-41593 | Out-of-bounds Write vulnerability in Draytek products DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | 9.8 |
| 2024-10-03 | CVE-2024-47134 | Out-of-bounds Write vulnerability in Electronics.Jtekt Kostac PLC Programming Software Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. | 7.8 |
| 2024-10-03 | CVE-2024-47135 | Out-of-bounds Write vulnerability in Jtekt Kostac PLC 1.6.10.0/1.6.11.0/1.6.9.0 Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. | 7.8 |
| 2024-10-02 | CVE-2024-20499 | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. | 7.5 |
| 2024-10-02 | CVE-2024-20501 | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. | 7.5 |
| 2024-10-02 | CVE-2024-20516 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. | 6.8 |