Export limit exceeded: 44046 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44046 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2708 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2024-12-12 | 8.8 High |
| A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257459. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2706 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2024-12-12 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49. This affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257457 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2705 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2024-12-12 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Affected by this issue is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2704 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2024-12-12 | 8.8 High |
| A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Affected by this vulnerability is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2703 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2024-12-12 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49. Affected is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-34454 | 2 Redhat, Xerial | 3 Amq Streams, Quarkus, Snappy-java | 2024-12-12 | 5.9 Medium |
| snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function. Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array. Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error. The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place. Version 1.1.10.1 contains a patch for this issue. | ||||
| CVE-2023-6682 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attack on the server. | ||||
| CVE-2023-32229 | 1 Bosch | 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more | 2024-12-12 | 4.9 Medium |
| Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | ||||
| CVE-2023-34453 | 2 Redhat, Xerial | 3 Amq Streams, Quarkus, Snappy-java | 2024-12-12 | 5.9 Medium |
| snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`. The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue. Version 1.1.10.1 contains a patch for this vulnerability. | ||||
| CVE-2023-6688 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server. | ||||
| CVE-2023-2686 | 1 Silabs | 1 Gecko Software Development Kit | 2024-12-12 | 9.8 Critical |
| Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | ||||
| CVE-2024-50089 | 2024-12-12 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-50018 | 1 Redhat | 1 Enterprise Linux | 2024-12-12 | 4.4 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-43053 | 1 Qualcomm | 40 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 37 more | 2024-12-12 | 7.8 High |
| Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. | ||||
| CVE-2024-43050 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 106 more | 2024-12-12 | 7.8 High |
| Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. | ||||
| CVE-2024-43049 | 1 Qualcomm | 38 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 35 more | 2024-12-12 | 7.8 High |
| Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. | ||||
| CVE-2024-43048 | 1 Qualcomm | 104 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6900 and 101 more | 2024-12-12 | 7.8 High |
| Memory corruption when invalid input is passed to invoke GPU Headroom API call. | ||||
| CVE-2024-33063 | 1 Qualcomm | 250 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 247 more | 2024-12-12 | 7.5 High |
| Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. | ||||
| CVE-2024-33056 | 1 Qualcomm | 662 205 Mobile Platform, 205 Mobile Platform Firmware, 315 5g Iot Modem and 659 more | 2024-12-12 | 8.4 High |
| Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | ||||
| CVE-2024-33044 | 1 Qualcomm | 425 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 422 more | 2024-12-12 | 8.4 High |
| Memory corruption while Configuring the SMR/S2CR register in Bypass mode. | ||||