Export limit exceeded: 334784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19212 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19212 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47134 | 2 Electronics.jtekt, Jtekt | 2 Kostac Plc Programming Software, Kostac Plc Programming Software | 2024-10-16 | 7.8 High |
| Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. | ||||
| CVE-2024-47135 | 1 Jtekt | 2 Kostac Plc, Kostac Plc Programming Software | 2024-10-15 | 7.8 High |
| Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. | ||||
| CVE-2024-8198 | 1 Google | 1 Chrome | 2024-10-15 | 7.5 High |
| Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7534 | 1 Google | 1 Chrome | 2024-10-15 | 8.8 High |
| Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-46045 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2024-10-15 | 5.7 Medium |
| Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. | ||||
| CVE-2024-44095 | 1 Google | 1 Android | 2024-10-15 | 7.4 High |
| In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-46044 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2024-10-15 | 5.7 Medium |
| CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | ||||
| CVE-2024-46049 | 1 Tenda | 2 O6, O6 Firmware | 2024-10-15 | 5.7 Medium |
| Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. | ||||
| CVE-2024-47417 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47410 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-21532 | 1 Bahmutov | 1 Ggit | 2024-10-10 | 7.3 High |
| All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API. | ||||
| CVE-2024-45880 | 1 Motorola | 1 Cx2l Firmware | 2024-10-10 | 8 High |
| A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands. | ||||
| CVE-2022-49039 | 1 Synology | 2 Drive, Drive Client | 2024-10-08 | 6.7 Medium |
| Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2024-20520 | 1 Cisco | 9 Rv042, Rv042 Firmware, Rv042g and 6 more | 2024-10-08 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. | ||||
| CVE-2024-20519 | 1 Cisco | 9 Rv042, Rv042 Firmware, Rv042g and 6 more | 2024-10-08 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. | ||||
| CVE-2024-20518 | 1 Cisco | 9 Rv042, Rv042 Firmware, Rv042g and 6 more | 2024-10-08 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. | ||||
| CVE-2024-20524 | 1 Cisco | 8 Rv042, Rv042 Firmware, Rv042g and 5 more | 2024-10-08 | 6.8 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | ||||
| CVE-2024-20523 | 1 Cisco | 8 Rv042, Rv042 Firmware, Rv042g and 5 more | 2024-10-08 | 6.8 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | ||||
| CVE-2024-20522 | 1 Cisco | 9 Rv042, Rv042 Firmware, Rv042g and 6 more | 2024-10-08 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | ||||
| CVE-2024-20517 | 1 Cisco | 8 Rv042, Rv042 Firmware, Rv042g and 5 more | 2024-10-08 | 6.8 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | ||||