CVE-2024-37601

MEDIUM Year: 2024
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-122
View all →

Vulnerability Description

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.

Related Vulnerabilities

CVE-2023-32157

MEDIUM
CVSS:4.6(Medium)

Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3...

CWE-1222023

CVE-2024-43790

MEDIUM
CVSS:4.5(Medium)

Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen ...

CWE-1222024

CVE-2024-43802

MEDIUM
CVSS:4.5(Medium)

Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left ...

CWE-1222024

CVE-2025-47814

MEDIUM
CVSS:4.5(Medium)

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.

CWE-1222025

CVE-2025-47815

MEDIUM
CVSS:4.5(Medium)

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.

CWE-1222025

CVE-2024-10253

MEDIUM
CVSS:4.7(Medium)

A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CWE-1222024