Export limit exceeded: 21514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0033 | 1 Google | 1 Android | 2024-12-16 | 7.8 High |
| In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-0018 | 1 Google | 1 Android | 2024-12-16 | 7.8 High |
| In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31140 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 4.1 Medium |
| In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | ||||
| CVE-2024-31136 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 7.4 High |
| In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | ||||
| CVE-2023-40085 | 1 Google | 1 Android | 2024-12-16 | 3.3 Low |
| In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-0016 | 1 Google | 1 Android | 2024-12-16 | 6.5 Medium |
| In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40112 | 1 Google | 1 Android | 2024-12-13 | 5.1 Medium |
| In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40124 | 1 Google | 1 Android | 2024-12-13 | 5.5 Medium |
| In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-1949 | 2 Fedoraproject, Redhat | 4 Fedora, 389 Directory Server, Directory Server and 1 more | 2024-12-13 | 7.5 High |
| An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | ||||
| CVE-2024-53957 | 1 Adobe | 1 Substance 3d Painter | 2024-12-13 | 7.8 High |
| Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-31307 | 1 Amd | 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more | 2024-12-13 | 2.3 Low |
| Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. | ||||
| CVE-2024-6343 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-12-13 | 4.9 Medium |
| A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | ||||
| CVE-2024-8224 | 2 Tenda, Tendacn | 3 G3 Firmware, G3, G3 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-44387 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-12-13 | 6.5 Medium |
| Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet. | ||||
| CVE-2024-44390 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-12-13 | 8 High |
| Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset. | ||||
| CVE-2024-8079 | 1 Totolink | 3 Ac1200 T8 Firmware, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8078 | 1 Totolink | 3 Ac1200 T8, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8076 | 1 Totolink | 3 Ac1200 T8, T8, T8 Firmware | 2024-12-13 | 8.8 High |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-30281 | 1 Adobe | 1 Substance 3d Designer | 2024-12-12 | 5.5 Medium |
| Substance3D - Designer versions 13.1.1 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-54116 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 4.3 Medium |
| Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||