Total
12951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0231 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-29 | N/A |
| A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device. This vulnerability affects Cisco ASA Software and Cisco FTD Software that is running on the following Cisco products: Adaptive Security Virtual Appliance (ASAv), Firepower Threat Defense Virtual (FTDv), Firepower 2100 Series Security Appliance. Cisco Bug IDs: CSCve18902, CSCve34335, CSCve38446. | ||||
| CVE-2023-34928 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34929 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34930 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34931 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34932 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34933 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34934 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34936 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34937 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-33905 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-27 | 4.4 Medium |
| In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | ||||
| CVE-2023-48315 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2024-11-27 | 8.8 High |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-29491 | 2 Gnu, Redhat | 3 Ncurses, Enterprise Linux, Rhel Eus | 2024-11-27 | 7.8 High |
| ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | ||||
| CVE-2023-26085 | 1 Arm | 1 Nn Android Neural Networks Driver | 2024-11-27 | 7.8 High |
| A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. | ||||
| CVE-2020-19186 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-11-27 | 6.5 Medium |
| Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | ||||
| CVE-2023-38857 | 1 Faad2 Project | 1 Faad2 | 2024-11-26 | 5.5 Medium |
| Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. | ||||
| CVE-2024-7352 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2024-11-26 | 7.8 High |
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23550. | ||||
| CVE-2024-9114 | 1 Faststone | 1 Image Viewer | 2024-11-26 | 7.8 High |
| FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145. | ||||