Total
12951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27361 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.0 High |
| NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19355. | ||||
| CVE-2023-34285 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
| NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19918. | ||||
| CVE-2023-27369 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
| NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840. | ||||
| CVE-2023-51635 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
| NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843. | ||||
| CVE-2023-40478 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 6.8 Medium |
| NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009. | ||||
| CVE-2023-34823 | 1 Fdkaac Project | 1 Fdkaac | 2025-01-03 | 5.5 Medium |
| fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c. | ||||
| CVE-2023-34623 | 1 Jtidy Project | 1 Jtidy | 2025-01-03 | 7.5 High |
| An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||||
| CVE-2023-34620 | 1 Hjson Project | 1 Hjson | 2025-01-03 | 7.5 High |
| An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||||
| CVE-2023-34617 | 1 Genson Project | 1 Genson | 2025-01-03 | 7.5 High |
| An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||||
| CVE-2023-34616 | 1 Pbjson Project | 1 Pbjson | 2025-01-03 | 7.5 High |
| An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||||
| CVE-2023-34615 | 1 Pwall | 1 Jsonutil | 2025-01-03 | 7.5 High |
| An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||||
| CVE-2023-34824 | 1 Fdkaac Project | 1 Fdkaac | 2025-01-03 | 5.5 Medium |
| fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c. | ||||
| CVE-2023-33124 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-01-03 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-35110 | 1 Jjson Project | 1 Jjson | 2025-01-02 | 7.5 High |
| An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||||
| CVE-2023-2569 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2025-01-02 | 7.8 High |
| A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||||
| CVE-2024-3758 | 1 Openatom | 1 Openharmony | 2025-01-02 | 6.5 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. | ||||
| CVE-2022-21926 | 1 Microsoft | 1 Hevc Video Extensions | 2025-01-02 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2022-21917 | 1 Microsoft | 1 Hevc Video Extensions | 2025-01-02 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2024-10487 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2024-7970 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||