Export limit exceeded: 342446 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 14001 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14001 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31922 | 1 Quickjs Project | 1 Quickjs | 2025-01-24 | 7.5 High |
| QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c. | ||||
| CVE-2023-31146 | 1 Vyperlang | 1 Vyper | 2025-01-24 | 7.5 High |
| Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue. | ||||
| CVE-2023-30763 | 1 Intel | 3 Battery Life Diagnostic Tool, Oneapi Base Toolkit, Soc Watch | 2025-01-24 | 7.2 High |
| Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-20721 | 3 Google, Mediatek, Yoctoproject | 8 Android, Mt6879, Mt6895 and 5 more | 2025-01-24 | 8.4 High |
| In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155. | ||||
| CVE-2023-20720 | 2 Google, Mediatek | 7 Android, Mt6895, Mt6983 and 4 more | 2025-01-24 | 6.7 Medium |
| In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586. | ||||
| CVE-2024-26001 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 7.4 High |
| An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | ||||
| CVE-2023-20700 | 2 Google, Mediatek | 28 Android, Mt6762, Mt6765 and 25 more | 2025-01-23 | 6.7 Medium |
| In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304. | ||||
| CVE-2023-20699 | 2 Google, Mediatek | 7 Android, Mt6895, Mt6983 and 4 more | 2025-01-23 | 6.7 Medium |
| In adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696073; Issue ID: ALPS07696073. | ||||
| CVE-2023-20696 | 3 Google, Mediatek, Openwrt | 26 Android, Mt6880, Mt6890 and 23 more | 2025-01-23 | 6.7 Medium |
| In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only). | ||||
| CVE-2023-20695 | 3 Google, Mediatek, Openwrt | 31 Android, Mt6835, Mt6880 and 28 more | 2025-01-23 | 6.7 Medium |
| In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only). | ||||
| CVE-2023-20694 | 3 Google, Mediatek, Openwrt | 43 Android, Mt6580, Mt6739 and 40 more | 2025-01-23 | 6.7 Medium |
| In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only). | ||||
| CVE-2023-32981 | 2 Jenkins, Redhat | 3 Pipeline Utility Steps, Ocp Tools, Openshift | 2025-01-23 | 8.8 High |
| An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content. | ||||
| CVE-2023-29961 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-01-23 | 9.8 Critical |
| D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup, | ||||
| CVE-2023-1972 | 1 Gnu | 1 Binutils | 2025-01-22 | 6.5 Medium |
| A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. | ||||
| CVE-2023-31722 | 1 Nasm | 1 Netwide Assembler | 2025-01-22 | 7.8 High |
| There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). | ||||
| CVE-2024-2992 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2025-01-22 | 8.8 High |
| A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2892 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-01-22 | 8.8 High |
| A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2893 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-01-22 | 8.8 High |
| A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2894 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-01-22 | 8.8 High |
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2895 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-01-22 | 8.8 High |
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||