Export limit exceeded: 44145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27382 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-18 | 6 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame(), there is no input validation check on len coming from userspace, which can lead to a heap over-read. | ||||
| CVE-2023-20948 | 1 Google | 1 Android | 2025-03-18 | 7.5 High |
| In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526 | ||||
| CVE-2022-48339 | 2 Gnu, Redhat | 3 Emacs, Enterprise Linux, Rhel Eus | 2025-03-18 | 7.8 High |
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | ||||
| CVE-2021-22484 | 1 Huawei | 1 Harmonyos | 2025-03-18 | 7.5 High |
| Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM). | ||||
| CVE-2023-0880 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-18 | 8.3 High |
| Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2023-0866 | 1 Gpac | 1 Gpac | 2025-03-18 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. | ||||
| CVE-2024-46598 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46590 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46583 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46556 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46555 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2023-0568 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-03-18 | 7.5 High |
| In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. | ||||
| CVE-2024-46582 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-20941 | 1 Oracle | 1 Installed Base | 2025-03-18 | 6.1 Medium |
| Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-44912 | 1 Nasa | 1 Cryptolib | 2025-03-17 | 7.5 High |
| NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c). | ||||
| CVE-2024-46552 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-29387 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-03-17 | 7.1 High |
| In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | ||||
| CVE-2024-46550 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2023-20662 | 4 Google, Linux, Mediatek and 1 more | 29 Android, Linux Kernel, Mt5221 and 26 more | 2025-03-17 | 6.7 Medium |
| In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765. | ||||
| CVE-2023-20661 | 4 Google, Linux, Mediatek and 1 more | 29 Android, Linux Kernel, Mt5221 and 26 more | 2025-03-17 | 6.7 Medium |
| In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782. | ||||