Total
2730 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28014 | 1 Nec | 59 Aterm Cr2500p Firmware, Aterm Mr01ln Firmware, Aterm Mr02ln Firmware and 56 more | 2025-01-14 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command via the internet. | ||||
| CVE-2020-9253 | 1 Huawei | 2 Lion-al00c, Lion-al00c Firmware | 2025-01-13 | 6.3 Medium |
| There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253. | ||||
| CVE-2023-43549 | 1 Qualcomm | 278 Ar8035, Ar8035 Firmware, Csr8811 and 275 more | 2025-01-10 | 8.4 High |
| Memory corruption while processing TPC target power table in FTM TPC. | ||||
| CVE-2018-5996 | 2 7-zip, Debian | 3 7-zip, P7zip, Debian Linux | 2025-01-10 | N/A |
| Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | ||||
| CVE-2023-28703 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2025-01-08 | 7.2 High |
| ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service. | ||||
| CVE-2024-20154 | 2025-01-08 | 8.1 High | ||
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392. | ||||
| CVE-2023-29503 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2025-01-07 | 7.8 High |
| The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2023-25177 | 1 Deltaww | 1 Cncsoft-b | 2025-01-06 | 7.8 High |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2023-1709 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-01-06 | 5.5 Medium |
| Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process. | ||||
| CVE-2024-11578 | 1 Luxion | 1 Keyshot | 2025-01-03 | 7.8 High |
| Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23693. | ||||
| CVE-2023-27368 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
| NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839. | ||||
| CVE-2023-27361 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.0 High |
| NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19355. | ||||
| CVE-2023-34285 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
| NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19918. | ||||
| CVE-2023-27369 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
| NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840. | ||||
| CVE-2023-51635 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
| NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843. | ||||
| CVE-2023-40478 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 6.8 Medium |
| NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009. | ||||
| CVE-2023-35634 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 | 2025-01-01 | 8 High |
| Windows Bluetooth Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-36006 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | 8.8 High |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2023-35322 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-01 | 8.8 High |
| Windows Deployment Services Remote Code Execution Vulnerability | ||||
| CVE-2023-21538 | 3 Fedoraproject, Microsoft, Redhat | 5 Fedora, .net, Powershell and 2 more | 2025-01-01 | 7.5 High |
| .NET Denial of Service Vulnerability | ||||