Total
12861 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44555 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 9.8 Critical |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. | ||||
| CVE-2024-44553 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8.8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. | ||||
| CVE-2024-44550 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8.8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. | ||||
| CVE-2024-44549 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 6.6 Medium |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. | ||||
| CVE-2024-44558 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8.8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. | ||||
| CVE-2024-44556 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 6.6 Medium |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. | ||||
| CVE-2024-44565 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set. | ||||
| CVE-2024-44563 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | 8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | ||||
| CVE-2024-7967 | 1 Google | 1 Chrome | 2024-08-27 | 8.8 High |
| Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7966 | 1 Google | 1 Chrome | 2024-08-27 | 8.8 High |
| Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-43688 | 2 Openbsd, Vixie | 2 Openbsd, Cron | 2024-08-26 | 7.3 High |
| cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring. | ||||
| CVE-2024-7707 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-22 | 8.8 High |
| A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-39791 | 1 Vonets | 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more | 2024-08-21 | 10 Critical |
| Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code. | ||||
| CVE-2024-7909 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-21 | 8.8 High |
| A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7614 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 8.8 High |
| A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7615 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 8.8 High |
| A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7613 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 8.8 High |
| A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42950 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-08-21 | 7.5 High |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-30949 | 1 Newlib Project | 1 Newlib | 2024-08-21 | 9.8 Critical |
| An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. | ||||
| CVE-2024-7547 | 2 Ofono, Ofono Project | 2 Ofono, Ofono | 2024-08-19 | 7.8 High |
| oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23460. | ||||