Total: 12951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48105 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2024-11-26 | 7.5 High |
| A heap overflow vulnerability discovered in Bytecode Alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. | ||||
| CVE-2023-49046 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-26 | 9.8 Critical |
| Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. | ||||
| CVE-2024-21980 | 1 Amd | 174 Epyc 7003 Firmware, Epyc 7203, Epyc 7203 Firmware and 171 more | 2024-11-26 | 7.9 High |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. | ||||
| CVE-2023-31355 | 1 Amd | 172 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 169 more | 2024-11-26 | 6 Medium |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. | ||||
| CVE-2023-20760 | 2 Google, Mediatek | 5 Android, Mt6879, Mt6895 and 2 more | 2024-11-26 | 6.7 Medium |
| In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578. | ||||
| CVE-2023-21640 | 1 Qualcomm | 13 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 10 more | 2024-11-26 | 6.7 Medium |
| Memory corruption in Linux when the file upload API is called with parameters having a large buffer. | ||||
| CVE-2024-11236 | 2 Php, Php Group | 2 Php, Php | 2024-11-26 | 9.8 Critical |
| In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. | ||||
| CVE-2024-11233 | 3 Php, Php Group, Redhat | 3 Php, Php, Enterprise Linux | 2024-11-26 | 4.8 Medium |
| In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. | ||||
| CVE-2023-49991 | 1 Espeak-ng | 1 Espeak-ng | 2024-11-26 | 5.3 Medium |
| Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c. | ||||
| CVE-2024-23356 | 1 Qualcomm | 422 Aqt1000, Aqt1000 Firmware, Ar8031 and 419 more | 2024-11-26 | 7.8 High |
| Memory corruption during session sign renewal request calls in HLOS. | ||||
| CVE-2019-15992 | 1 Cisco | 4 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense and 1 more | 2024-11-26 | 7.2 High |
| A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. | ||||
| CVE-2023-49432 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2024-11-26 | 9.8 Critical |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. | ||||
| CVE-2024-23355 | 1 Qualcomm | 286 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 283 more | 2024-11-26 | 7.8 High |
| Memory corruption when keymaster operation imports a shared key. | ||||
| CVE-2023-49999 | 1 Tenda | 2 W30e, W30e Firmware | 2024-11-26 | 9.8 Critical |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. | ||||
| CVE-2023-51097 | 1 Tenda | 2 W9, W9 Firmware | 2024-11-26 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. | ||||
| CVE-2018-15419 | 1 Cisco | 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more | 2024-11-26 | 7.8 High |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | ||||
| CVE-2018-15421 | 1 Cisco | 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more | 2024-11-26 | 7.8 High |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | ||||
| CVE-2018-15422 | 1 Cisco | 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more | 2024-11-26 | 7.8 High |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | ||||
| CVE-2018-15431 | 1 Cisco | 3 Webex Business Suite 32, Webex Meetings Online, Webex Meetings Server | 2024-11-26 | 7.3 High |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | ||||
| CVE-2024-11513 | 1 Irfanview | 1 Irfanview | 2024-11-26 | 7.8 High |
| IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23971. | ||||