Export limit exceeded: 335034 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20458 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20458 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47029 | 1 Google | 2 Android, Pixel | 2024-10-28 | 5.1 Medium |
| In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47034 | 1 Google | 2 Android, Pixel | 2024-10-28 | 5.1 Medium |
| there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-10130 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-10-28 | 8.8 High |
| A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10123 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-10-28 | 8.8 High |
| A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-20097 | 2 Google, Mediatek | 14 Android, Mt6761, Mt6765 and 11 more | 2024-10-27 | 4.4 Medium |
| In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. | ||||
| CVE-2024-20096 | 2 Google, Mediatek | 27 Android, Mt6580, Mt6739 and 24 more | 2024-10-27 | 4.4 Medium |
| In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635. | ||||
| CVE-2024-20095 | 2 Google, Mediatek | 27 Android, Mt6580, Mt6739 and 24 more | 2024-10-27 | 4.4 Medium |
| In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. | ||||
| CVE-2024-20093 | 2 Google, Mediatek | 17 Android, Mt6761, Mt6765 and 14 more | 2024-10-27 | 4.4 Medium |
| In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699. | ||||
| CVE-2024-20091 | 2 Google, Mediatek | 17 Android, Mt6761, Mt6765 and 14 more | 2024-10-27 | 4.4 Medium |
| In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701. | ||||
| CVE-2024-20085 | 5 Google, Linuxfoundation, Mediatek and 2 more | 43 Android, Yocto, Mt6580 and 40 more | 2024-10-27 | 4.4 Medium |
| In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560. | ||||
| CVE-2024-20084 | 5 Google, Linuxfoundation, Mediatek and 2 more | 43 Android, Yocto, Mt6580 and 40 more | 2024-10-27 | 4.4 Medium |
| In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561. | ||||
| CVE-2024-43173 | 1 Ibm | 1 Concert | 2024-10-25 | 3.7 Low |
| IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | ||||
| CVE-2024-7973 | 1 Google | 1 Chrome | 2024-10-24 | 8.8 High |
| Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) | ||||
| CVE-2024-44331 | 1 Gstreamer Project | 1 Gst-rtsp-server | 2024-10-23 | 7.5 High |
| Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. | ||||
| CVE-2024-10194 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-10-23 | 8.8 High |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-40083 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
| A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. | ||||
| CVE-2024-40086 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
| A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. | ||||
| CVE-2024-31007 | 1 Irfanview | 1 Irfanview | 2024-10-23 | 5.5 Medium |
| Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll. | ||||
| CVE-2024-40085 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 9.6 Critical |
| A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. | ||||
| CVE-2024-41902 | 1 Siemens | 1 Jt2go | 2024-10-23 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | ||||