Total
3842 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23302 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 9.8 Critical |
| The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | ||||
| CVE-2023-23303 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 9.8 Critical |
| The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | ||||
| CVE-2023-41913 | 1 Strongswan | 1 Strongswan | 2025-01-17 | 9.8 Critical |
| strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. | ||||
| CVE-2022-24807 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 16 Debian Linux, Fedora, Net-snmp and 13 more | 2025-01-17 | 6.5 Medium |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | ||||
| CVE-2022-24805 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 16 Debian Linux, Fedora, Net-snmp and 13 more | 2025-01-17 | 6.5 Medium |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | ||||
| CVE-2024-13503 | 2025-01-17 | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is both present on the PowerPC versions of the modem and the ARM versions. A stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string of an incoming network packet into a statically sized buffer. | ||||
| CVE-2024-48806 | 2025-01-16 | 6.8 Medium | ||
| Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field | ||||
| CVE-2021-46886 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46885 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46884 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46883 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46882 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46881 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-43526 | 1 Qualcomm | 76 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 73 more | 2025-01-15 | 6.7 Medium |
| Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. | ||||
| CVE-2023-43525 | 1 Qualcomm | 80 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 77 more | 2025-01-15 | 6.7 Medium |
| Memory corruption while copying the sound model data from user to kernel buffer during sound model register. | ||||
| CVE-2023-43524 | 1 Qualcomm | 114 Ar8035, Ar8035 Firmware, Fastconnect 6800 and 111 more | 2025-01-15 | 6.7 Medium |
| Memory corruption when the bandpass filter order received from AHAL is not within the expected range. | ||||
| CVE-2024-25817 | 1 Eza.rock | 1 Eza | 2025-01-15 | 7.8 High |
| Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. | ||||
| CVE-2023-2857 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-01-15 | 5.3 Medium |
| BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | ||||
| CVE-2022-22683 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2025-01-14 | 10 Critical |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-22687 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 9.8 Critical |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||