Total
13454 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34937 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-33905 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-27 | 4.4 Medium |
| In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | ||||
| CVE-2023-48315 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2024-11-27 | 8.8 High |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-26085 | 1 Arm | 1 Nn Android Neural Networks Driver | 2024-11-27 | 7.8 High |
| A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. | ||||
| CVE-2020-19186 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-11-27 | 6.5 Medium |
| Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | ||||
| CVE-2023-38857 | 1 Faad2 Project | 1 Faad2 | 2024-11-26 | 5.5 Medium |
| Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. | ||||
| CVE-2024-7352 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2024-11-26 | 7.8 High |
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23550. | ||||
| CVE-2024-9114 | 1 Faststone | 1 Image Viewer | 2024-11-26 | 7.8 High |
| FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145. | ||||
| CVE-2023-48105 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2024-11-26 | 7.5 High |
| An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. | ||||
| CVE-2023-49046 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-26 | 9.8 Critical |
| Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. | ||||
| CVE-2024-21980 | 1 Amd | 174 Epyc 7003 Firmware, Epyc 7203, Epyc 7203 Firmware and 171 more | 2024-11-26 | 7.9 High |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. | ||||
| CVE-2023-31355 | 1 Amd | 172 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 169 more | 2024-11-26 | 6 Medium |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. | ||||
| CVE-2023-20760 | 2 Google, Mediatek | 5 Android, Mt6879, Mt6895 and 2 more | 2024-11-26 | 6.7 Medium |
| In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578. | ||||
| CVE-2023-21640 | 1 Qualcomm | 13 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 10 more | 2024-11-26 | 6.7 Medium |
| Memory corruption in Linux when the file upload API is called with parameters having large buffer. | ||||
| CVE-2024-23356 | 1 Qualcomm | 422 Aqt1000, Aqt1000 Firmware, Ar8031 and 419 more | 2024-11-26 | 7.8 High |
| Memory corruption during session sign renewal request calls in HLOS. | ||||
| CVE-2019-15992 | 1 Cisco | 4 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense and 1 more | 2024-11-26 | 7.2 High |
| A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. | ||||
| CVE-2023-49432 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2024-11-26 | 9.8 Critical |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. | ||||
| CVE-2024-23355 | 1 Qualcomm | 286 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 283 more | 2024-11-26 | 7.8 High |
| Memory corruption when keymaster operation imports a shared key. | ||||