Export limit exceeded: 80076 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80076 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24158 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | ||||
| CVE-2022-24157 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter. | ||||
| CVE-2022-24156 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | ||||
| CVE-2022-24155 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters. | ||||
| CVE-2022-24154 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter. | ||||
| CVE-2022-24153 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. | ||||
| CVE-2022-24152 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | ||||
| CVE-2022-24151 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. | ||||
| CVE-2022-24149 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter. | ||||
| CVE-2022-24147 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters. | ||||
| CVE-2022-24146 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | ||||
| CVE-2022-24145 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters. | ||||
| CVE-2022-24143 | 1 Tenda | 4 Ax12, Ax12 Firmware, Ax3 and 1 more | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. | ||||
| CVE-2022-24142 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. | ||||
| CVE-2022-24139 | 1 Iobit | 1 Advanced System Care | 2024-11-21 | 7.8 High |
| In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used. | ||||
| CVE-2022-24138 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 7.8 High |
| IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN). | ||||
| CVE-2022-24132 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 High |
| phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service. | ||||
| CVE-2022-24129 | 1 Shibboleth | 1 Oidc Op | 2024-11-21 | 8.2 High |
| The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. | ||||
| CVE-2022-24128 | 1 Timescale | 1 Timescaledb | 2024-11-21 | 8.0 High |
| Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.) | ||||
| CVE-2022-24125 | 1 Fromsoftware | 1 Dark Souls Iii | 2024-11-21 | 8.8 High |
| The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client. | ||||