Total
13370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51635 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 8.8 HIGH |
| NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843. | |||||
| CVE-2023-40478 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 6.8 MEDIUM |
| NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009. | |||||
| CVE-2023-34823 | 1 Fdkaac Project | 1 Fdkaac | 2025-01-03 | N/A | 5.5 MEDIUM |
| fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c. | |||||
| CVE-2023-34623 | 1 Jtidy Project | 1 Jtidy | 2025-01-03 | N/A | 7.5 HIGH |
| An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34620 | 1 Hjson Project | 1 Hjson | 2025-01-03 | N/A | 7.5 HIGH |
| An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34617 | 1 Genson Project | 1 Genson | 2025-01-03 | N/A | 7.5 HIGH |
| An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34616 | 1 Pbjson Project | 1 Pbjson | 2025-01-03 | N/A | 7.5 HIGH |
| An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34615 | 1 Pwall | 1 Jsonutil | 2025-01-03 | N/A | 7.5 HIGH |
| An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34824 | 1 Fdkaac Project | 1 Fdkaac | 2025-01-03 | N/A | 5.5 MEDIUM |
| fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c. | |||||
| CVE-2023-35110 | 1 Jjson Project | 1 Jjson | 2025-01-02 | N/A | 7.5 HIGH |
| An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2024-3758 | 1 Openatom | 1 Openharmony | 2025-01-02 | N/A | 6.5 MEDIUM |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. | |||||
| CVE-2024-10487 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2024-7970 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-8905 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-7018 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 7.8 HIGH |
| Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | |||||
| CVE-2024-7024 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 9.6 CRITICAL |
| Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-9121 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-0444 | 1 Gstreamer Project | 1 Gstreamer | 2024-12-27 | N/A | 8.8 HIGH |
| GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873. | |||||
| CVE-2024-21330 | 1 Microsoft | 8 Azure Automation, Azure Automation Update Management, Azure Security Center and 5 more | 2024-12-27 | N/A | 7.8 HIGH |
| Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||||
| CVE-2024-49984 | 1 Linux | 1 Linux Kernel | 2024-12-27 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into. | |||||