Total
1436 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41459 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex. | |||||
| CVE-2024-41281 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. | |||||
| CVE-2024-40902 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log. | |||||
| CVE-2024-40897 | 1 Gstreamer | 1 Orc | 2024-11-21 | N/A | 6.7 MEDIUM |
| Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. | |||||
| CVE-2024-40535 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a stack overflow via the apn_name_3g parameter in the config_3g_para function. | |||||
| CVE-2024-40416 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||||
| CVE-2024-40414 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||||
| CVE-2024-40412 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function. | |||||
| CVE-2024-3874 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-3286 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. | |||||
| CVE-2024-3079 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. | |||||
| CVE-2024-39880 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | N/A | 7.8 HIGH |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2024-39480 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy() to insert the completed symbol into the command buffer. Unfortunately it passes the size of the source buffer rather than the destination to strncpy() with predictably horrible results. Most obviously if the command buffer is already full but cp, the cursor position, is in the middle of the buffer, then we will write past the end of the supplied buffer. Fix this by replacing the dubious strncpy() calls with memmove()/memcpy() calls plus explicit boundary checks to make sure we have enough space before we start moving characters around. | |||||
| CVE-2024-38509 | 2024-11-21 | N/A | 7.2 HIGH | ||
| A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. | |||||
| CVE-2024-38443 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements. | |||||
| CVE-2024-37997 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-37984 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.4 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37978 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2024-11-21 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37972 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37971 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||