Export limit exceeded: 21542 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21542 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27459 | 1 Openvpn | 1 Openvpn | 2024-11-21 | 7.8 High |
| The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. | ||||
| CVE-2024-27130 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 7.2 High |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | ||||
| CVE-2024-27129 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.4 Medium |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | ||||
| CVE-2024-27128 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.4 Medium |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | ||||
| CVE-2024-25714 | 2 Debian, Rhonabwy Project | 2 Debian Linux, Rhonabwy | 2024-11-21 | 9.1 Critical |
| In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.) | ||||
| CVE-2024-25448 | 1 Enlightenment | 1 Imlib2 | 2024-11-21 | 8.8 High |
| An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | ||||
| CVE-2024-25007 | 1 Ericsson | 1 Network Manager | 2024-11-21 | 7.1 High |
| Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability. | ||||
| CVE-2024-24826 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 5.5 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-24690 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Vdi Windows Meeting Clients and 2 more | 2024-11-21 | 5.4 Medium |
| Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. | ||||
| CVE-2024-24320 | 1 Mgt-commerce | 1 Cloudpanel | 2024-11-21 | 8.8 High |
| Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function. | ||||
| CVE-2024-23804 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-23798 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-23797 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-23796 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-23617 | 1 Broadcom | 1 Symantec Data Center Security Server | 2024-11-21 | 9.6 Critical |
| A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. | ||||
| CVE-2024-23616 | 1 Broadcom | 1 Symantec Server Management Suite | 2024-11-21 | 10 Critical |
| A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | ||||
| CVE-2024-23614 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 10 Critical |
| A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | ||||
| CVE-2024-23612 | 1 Ni | 1 Labview | 2024-11-21 | 7.8 High |
| An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | ||||
| CVE-2024-23368 | 1 Qualcomm | 686 Apq8064au, Apq8064au Firmware, Aqt1000 and 683 more | 2024-11-21 | 7.8 High |
| Memory corruption when allocating and accessing an entry in an SMEM partition. | ||||
| CVE-2024-23110 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.4 High |
| A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands | ||||