Total
3308 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41588 | 1 Draytek | 1 Vigor3910 Firmware | 2024-10-07 | 8 High |
| The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. | ||||
| CVE-2024-9403 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2024-10-04 | 7.3 High |
| Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. | ||||
| CVE-2024-9401 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-10-04 | 9.8 Critical |
| Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | ||||
| CVE-2024-9402 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-10-04 | 9.8 Critical |
| Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | ||||
| CVE-2024-41596 | 1 Draytek | 1 Vigor3910 Firmware | 2024-10-04 | 8 High |
| Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | ||||
| CVE-2024-41433 | 1 Pingcap | 1 Tidb | 2024-10-01 | 9.8 Critical |
| PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCAP maintains that the actual reproduction of this issue did not cause the security impact of service interruption to other users. They argue that this is a complex query bug and not a DoS vulnerability. | ||||
| CVE-2024-41176 | 1 Beckhoff | 2 Mdp Package, Twincat\/bsd | 2024-10-01 | 7.3 High |
| The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request. | ||||
| CVE-2024-23972 | 1 Sony | 2 Xav-ax5500, Xav-ax5500 Firmware | 2024-09-30 | 6.8 Medium |
| Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185 | ||||
| CVE-2024-9088 | 2 Razormist, Sourcecodester | 2 Telecom Billing Management System, Telecom Billing Management System | 2024-09-26 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46652 | 1 Tenda | 1 Ac8v4 Firmware | 2024-09-26 | 9.8 Critical |
| Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. | ||||
| CVE-2024-23934 | 1 Sony | 1 Xav-ax5500 | 2024-09-26 | 8.8 High |
| Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. . Was ZDI-CAN-22994. | ||||
| CVE-2024-23933 | 1 Sony | 1 Xav-ax5500 | 2024-09-26 | 6.8 Medium |
| Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238 | ||||
| CVE-2024-34057 | 2 Siemens, Trianglemicroworks | 10 Sicam A8000, Sicam A8000 Firmware, Sicam Egs and 7 more | 2024-09-25 | 8.2 High |
| Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service. | ||||
| CVE-2024-46550 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46580 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46571 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46568 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46567 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46566 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46565 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||