Total
12951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7546 | 2 Ofono, Ofono Project | 2 Ofono, Ofono | 2024-08-29 | 7.8 High |
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23459. | ||||
| CVE-2024-8225 | 1 Tenda | 2 G3, G3 Firmware | 2024-08-29 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8226 | 1 Tenda | 2 O1, O1 Firmware | 2024-08-29 | 8.8 High |
| A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8227 | 1 Tenda | 2 O1, O1 Firmware | 2024-08-29 | 8.8 High |
| A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8228 | 1 Tenda | 2 O5, O5 Firmware | 2024-08-29 | 8.8 High |
| A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8229 | 1 Tenda | 2 O6, O6 Firmware | 2024-08-29 | 8.8 High |
| A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8230 | 1 Tenda | 2 O6, O6 Firmware | 2024-08-29 | 8.8 High |
| A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42438 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2024-08-29 | 6.5 Medium |
| Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | ||||
| CVE-2024-41285 | 1 Fastcom | 2 Fw300r, Fw300r Firmware | 2024-08-27 | 9.8 Critical |
| A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. | ||||
| CVE-2024-44557 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. | ||||
| CVE-2024-44555 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 9.8 Critical |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. | ||||
| CVE-2024-44553 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8.8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. | ||||
| CVE-2024-44550 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8.8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. | ||||
| CVE-2024-44549 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 6.6 Medium |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. | ||||
| CVE-2024-44558 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8.8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. | ||||
| CVE-2024-44556 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 6.6 Medium |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. | ||||
| CVE-2024-44565 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set. | ||||
| CVE-2024-44563 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | ||||
| CVE-2024-7967 | 1 Google | 1 Chrome | 2024-08-27 | 8.8 High |
| Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7966 | 1 Google | 1 Chrome | 2024-08-27 | 8.8 High |
| Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||