Total
3789 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48681 | 1 Huawei | 2 Egrt-00, Egrt-00 Firmware | 2025-01-14 | 7.2 High |
| Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail. | ||||
| CVE-2024-39774 | 2025-01-14 | 9.1 Critical | ||
| A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-39370 | 2025-01-14 | 9.1 Critical | ||
| An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-39299 | 2025-01-14 | 9.1 Critical | ||
| A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-37357 | 2025-01-14 | 9.1 Critical | ||
| A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-36290 | 2025-01-14 | 10 Critical | ||
| A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-36272 | 2025-01-14 | 9.1 Critical | ||
| A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-12147 | 1 Netgear | 1 R6900 Firmware | 2025-01-14 | 6.5 Medium |
| A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-46284 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2025-01-14 | 7.5 High |
| A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. | ||||
| CVE-2023-46283 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2025-01-14 | 7.5 High |
| A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. | ||||
| CVE-2024-21463 | 1 Qualcomm | 218 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 215 more | 2025-01-13 | 7.3 High |
| Memory corruption while processing Codec2 during v13k decoder pitch synthesis. | ||||
| CVE-2023-43515 | 1 Qualcomm | 12 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 9 more | 2025-01-13 | 6.6 Medium |
| Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled. | ||||
| CVE-2024-45547 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-01-13 | 7.8 High |
| Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. | ||||
| CVE-2024-56456 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 6.8 Medium |
| Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-56455 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 5.5 Medium |
| Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-56454 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 5.5 Medium |
| Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-56453 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 6.8 Medium |
| Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-56452 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 5.5 Medium |
| Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-56450 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.3 Medium |
| Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-6352 | 2025-01-13 | 4.3 Medium | ||
| A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert | ||||