Export limit exceeded: 41531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (41531 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47962 | 2 Delta Electronics, Deltaww | 2 Cncsoft-g2, Cncsoft-g2 | 2024-10-17 | 7.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2024-47964 | 2 Delta Electronics, Deltaww | 2 Cncsoft-g2, Cncsoft-g2 | 2024-10-17 | 7.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2024-47965 | 2 Delta Electronics, Deltaww | 2 Cncsoft-g2, Cncsoft-g2 | 2024-10-17 | 7.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2024-9348 | 1 Docker | 1 Desktop | 2024-10-17 | N/A |
| Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. | ||||
| CVE-2024-23374 | 1 Qualcomm | 52 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 49 more | 2024-10-16 | 6.7 Medium |
| Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. | ||||
| CVE-2024-23375 | 1 Qualcomm | 28 Sa4150p, Sa4150p Firmware, Sa4155p and 25 more | 2024-10-16 | 6.7 Medium |
| Memory corruption during the network scan request. | ||||
| CVE-2024-8231 | 1 Tenda | 2 O6, O6 Firmware | 2024-10-16 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-23378 | 1 Qualcomm | 36 Qam8255p, Qam8255p Firmware, Qam8650p and 33 more | 2024-10-16 | 6.7 Medium |
| Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. | ||||
| CVE-2024-33064 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | 8.2 High |
| Information disclosure while parsing the multiple MBSSID IEs from the beacon. | ||||
| CVE-2024-33070 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | 7.5 High |
| Transient DOS while parsing ESP IE from beacon/probe response frame. | ||||
| CVE-2024-33071 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | 7.5 High |
| Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. | ||||
| CVE-2023-32188 | 1 Neuvector | 1 Neuvector | 2024-10-16 | N/A |
| A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||||
| CVE-2024-39806 | 1 Openatom | 1 Openharmony | 2024-10-16 | 5.5 Medium |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | ||||
| CVE-2024-9782 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9783 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9506 | 2024-10-16 | 3.7 Low | ||
| Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. | ||||
| CVE-2024-48042 | 1 Supsystic | 1 Contact Form | 2024-10-16 | 9.1 Critical |
| Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. | ||||
| CVE-2024-47833 | 1 Avaiga | 1 Taipy | 2024-10-16 | 6.5 Medium |
| Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-9785 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9786 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||