Export limit exceeded: 20214 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20214 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2978 | 1 Tenda | 2 F1203, F1203 Firmware | 2025-04-10 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2983 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-10 | 8.8 High |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2987 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-10 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-47116 | 1 Tenda | 2 A15, A15 Firmware | 2025-04-10 | 7.5 High |
| Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd. | ||||
| CVE-2022-43448 | 1 Fujielectric | 2 Tellus, V-sft | 2025-04-10 | 7.8 High |
| Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. | ||||
| CVE-2022-40740 | 1 Realtek | 2 Usdk, Xpon Software Development Kit | 2025-04-10 | 7.2 High |
| Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | ||||
| CVE-2022-42270 | 1 Nvidia | 9 Jetson Agx Xavier, Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb and 6 more | 2025-04-10 | 7.8 High |
| NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service. | ||||
| CVE-2022-46304 | 1 Changingtec | 1 Servisign | 2025-04-10 | 8.8 High |
| ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service. | ||||
| CVE-2022-32637 | 2 Google, Mediatek | 12 Android, Mt6781, Mt6785 and 9 more | 2025-04-10 | 6.7 Medium |
| In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374. | ||||
| CVE-2022-32636 | 2 Google, Mediatek | 51 Android, Mt6580, Mt6731 and 48 more | 2025-04-10 | 6.7 Medium |
| In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064. | ||||
| CVE-2022-47908 | 1 Fujielectric | 1 V-server | 2025-04-10 | 7.8 High |
| Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. | ||||
| CVE-2022-44428 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 5.5 Medium |
| In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | ||||
| CVE-2022-44427 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 5.5 Medium |
| In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | ||||
| CVE-2022-43538 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43537 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43536 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-32647 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2025-04-10 | 6.7 Medium |
| In ccu, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554646; Issue ID: ALPS07554646. | ||||
| CVE-2022-32646 | 2 Google, Mediatek | 24 Android, Mt6761, Mt6765 and 21 more | 2025-04-10 | 6.7 Medium |
| In gpu drm, there is a possible stack overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363501; Issue ID: ALPS07363501. | ||||
| CVE-2022-32640 | 2 Google, Mediatek | 57 Android, Mt6580, Mt6731 and 54 more | 2025-04-10 | 6.7 Medium |
| In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441652; Issue ID: ALPS07441652. | ||||
| CVE-2024-51251 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. | ||||