Export limit exceeded: 348749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20241 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20241 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31956 | 1 Samsung | 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more | 2025-03-14 | 8.4 High |
| An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write. | ||||
| CVE-2024-27365 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2025-03-14 | 4.4 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_blockack_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read. | ||||
| CVE-2024-57012 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-14 | 8.8 High |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. | ||||
| CVE-2024-46258 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2025-03-14 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. | ||||
| CVE-2024-2615 | 1 Mozilla | 1 Firefox | 2025-03-14 | 9.8 Critical |
| Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124. | ||||
| CVE-2024-46276 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2025-03-14 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. | ||||
| CVE-2023-32873 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6765 and 22 more | 2025-03-13 | 6.4 Medium |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227. | ||||
| CVE-2023-34281 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
| D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20561. | ||||
| CVE-2023-34280 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
| D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20559. | ||||
| CVE-2023-34279 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.8 High |
| D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20558. | ||||
| CVE-2023-34278 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
| D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20556. | ||||
| CVE-2023-34277 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
| D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20555. | ||||
| CVE-2023-34276 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
| D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20554. | ||||
| CVE-2023-34275 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-03-13 | 8.0 High |
| D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20553. | ||||
| CVE-2025-20635 | 5 Google, Linuxfoundation, Mediatek and 2 more | 23 Android, Yocto, Mt2737 and 20 more | 2025-03-13 | 6.6 Medium |
| In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434. | ||||
| CVE-2024-5844 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-13 | 8.8 High |
| Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-36231 | 1 Newspaperclub | 1 Pdf Info | 2025-03-13 | 9.8 Critical |
| pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3. | ||||
| CVE-2024-41593 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-13 | 9.8 Critical |
| DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | ||||
| CVE-2024-41437 | 1 Dbohdan | 1 Hicolor | 2025-03-13 | 5.5 Medium |
| A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. | ||||
| CVE-2024-20081 | 5 Google, Linuxfoundation, Mediatek and 2 more | 39 Android, Yocto, Mt2735 and 36 more | 2025-03-13 | 9.8 Critical |
| In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412. | ||||