Total
12312 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33631 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm. | |||||
| CVE-2023-33629 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | |||||
| CVE-2023-33628 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. | |||||
| CVE-2023-33485 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-10 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | |||||
| CVE-2023-33643 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. | |||||
| CVE-2023-33642 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. | |||||
| CVE-2023-33641 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. | |||||
| CVE-2023-33640 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. | |||||
| CVE-2023-33639 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. | |||||
| CVE-2023-33638 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. | |||||
| CVE-2023-33637 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. | |||||
| CVE-2023-33636 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. | |||||
| CVE-2023-33635 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. | |||||
| CVE-2023-33634 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. | |||||
| CVE-2023-33627 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2025-01-10 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. | |||||
| CVE-2024-56784 | 1 Linux | 1 Linux Kernel | 2025-01-09 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in bound. | |||||
| CVE-2023-25732 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-09 | N/A | 8.8 HIGH |
| When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
| CVE-2017-15832 | 1 Qualcomm | 10 Mdm9206, Mdm9206 Firmware, Mdm9607 and 7 more | 2025-01-09 | N/A | 8.4 HIGH |
| Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW | |||||
| CVE-2023-52497 | 1 Linux | 1 Linux Kernel | 2025-01-09 | N/A | 6.1 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like most simple LZ77 algorithms, LZ4 expects the compressed data is arranged at the end of the decompressed buffer and it explicitly uses memmove() to handle overlapping: __________________________________________________________ |_ direction of decompression --> ____ |_ compressed data _| Although EROFS arranges compressed data like this, it typically maps two individual virtual buffers so the relative order is uncertain. Previously, it was hardly observed since LZ4 only uses memmove() for short overlapped literals and x86/arm64 memmove implementations seem to completely cover it up and they don't have this issue. Juhyung reported that EROFS data corruption can be found on a new Intel x86 processor. After some analysis, it seems that recent x86 processors with the new FSRM feature expose this issue with "rep movsb". Let's strictly use the decompressed buffer for lz4 inplace decompression for now. Later, as an useful improvement, we could try to tie up these two buffers together in the correct order. | |||||
| CVE-2023-25746 | 1 Mozilla | 2 Firefox Esr, Thunderbird | 2025-01-09 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. | |||||