Export limit exceeded: 19405 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19405 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10283 | 1 Tenda | 3 Rx9, Rx9 Pro, Rx9 Pro Firmware | 2024-11-01 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10281 | 1 Tenda | 3 Rx9, Rx9 Pro, Rx9 Pro Firmware | 2024-11-01 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10282 | 1 Tenda | 3 Rx9, Rx9 Pro, Rx9 Pro Firmware | 2024-11-01 | 8.8 High |
| A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-36060 | 1 Engeniustech | 1 Enstation5-ac Firmware | 2024-11-01 | 8.8 High |
| EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters. | ||||
| CVE-2024-8934 | 1 Beckhoff | 1 Twincat Packet Manager | 2024-11-01 | 6.5 Medium |
| A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed. | ||||
| CVE-2024-40680 | 1 Ibm | 2 Mq Appliance, Mq Operator | 2024-10-31 | 5.5 Medium |
| IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | ||||
| CVE-2024-47035 | 1 Google | 2 Android, Pixel | 2024-10-31 | 7.4 High |
| In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47901 | 1 Siemens | 4 Intermesh 7177 Hybrid2.0 Subscriber, Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber and 1 more | 2024-10-30 | 10 Critical |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. | ||||
| CVE-2024-48963 | 1 Snyk | 2 Snyk Cli, Snyk Php Plugin | 2024-10-30 | 7.5 High |
| The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects. | ||||
| CVE-2024-34668 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-10-30 | 7.5 High |
| Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34667 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-10-30 | 7.5 High |
| Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34666 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-10-30 | 7.5 High |
| Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34665 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-10-30 | 7.5 High |
| Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-48964 | 1 Snyk | 2 Snyk Cli, Snyk Gradle Plugin | 2024-10-30 | 7.5 High |
| The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects. | ||||
| CVE-2024-40810 | 1 Apple | 1 Macos | 2024-10-29 | 5.5 Medium |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash. | ||||
| CVE-2024-48459 | 1 Tenda | 1 Ax2 Pro Firmware | 2024-10-29 | 7.3 High |
| A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a malicious payload to execute commands and further obtain shell access to the router's file system with the highest privileges. | ||||
| CVE-2023-20513 | 2024-10-29 | 3.3 Low | ||
| An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service. | ||||
| CVE-2024-47821 | 1 Pyload | 1 Pyload | 2024-10-28 | 9.1 Critical |
| pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue. | ||||
| CVE-2024-45242 | 1 Engeniustech | 1 Enh1350ext Firmware | 2024-10-28 | 7.8 High |
| EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions. | ||||
| CVE-2024-47024 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||