| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. |
| Transient DOS while parsing BTM ML IE when per STA profile is not included. |
| Transient DOS while processing the CU information from RNR IE. |
| Vulnerability of improper device information processing in the device management module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Memory corruption while processing GPU page table switch. |
| Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market.
This issue affects SmartPlay: 66T0.05.50. |
| prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4 |
| Vulnerability of improper memory access in the phone service module
Impact: Successful exploitation of this vulnerability may affect availability. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read. |
| A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. |
| Insufficient input validation in the ABL may allow a privileged
attacker with access to the BIOS menu or UEFI shell to tamper with the
structure headers in SPI ROM causing an out of bounds memory read and write,
potentially resulting in memory corruption or denial of service. |
| CVE-2024-10387 IMPACT
A Denial-of-Service
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device,
potentially resulting in Denial-of-Service. |
| Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers.
Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. |
| Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability.
Crafted HTTP requests may cause affected products crashed. |
| Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages.
Crafted HTTP requests may cause affected products crashed. |
| Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability.
Crafted HTTP requests may cause affected products crashed. |
| libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. |
| A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
