Total
2602 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31504 | 1 Embedded-solutions | 1 Freemodbus | 2024-07-11 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remtoe attacker to cause a denial of service via the LINUXTCP server component. | |||||
| CVE-2024-32907 | 1 Google | 1 Android | 2024-07-11 | N/A | 7.8 HIGH |
| In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-23368 | 1 Qualcomm | 686 Apq8064au, Apq8064au Firmware, Aqt1000 and 683 more | 2024-07-02 | N/A | 7.8 HIGH |
| Memory corruption when allocating and accessing an entry in an SMEM partition. | |||||
| CVE-2021-3711 | 5 Debian, Netapp, Openssl and 2 more | 31 Debian Linux, Active Iq Unified Manager, Clustered Data Ontap and 28 more | 2024-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). | |||||
| CVE-2024-4511 | 2024-06-04 | N/A | N/A | ||
| A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0731 | 1 Pcman Ftp Server Project | 1 Pcman Ftp Server | 2024-05-17 | N/A | 7.5 HIGH |
| A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7221 | 1 Totolink | 2 T6, T6 Firmware | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7095 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0732 | 1 Pcman Ftp Server Project | 1 Pcman Ftp Server | 2024-05-17 | N/A | 7.5 HIGH |
| A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555. | |||||
| CVE-2023-6906 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-1560 | 1 Tinytiff Project | 1 Tinytiff | 2024-05-17 | N/A | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223553 was assigned to this vulnerability. | |||||
| CVE-2023-1452 | 1 Gpac | 1 Gpac | 2024-05-17 | N/A | 7.8 HIGH |
| A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability. | |||||
| CVE-2023-1190 | 1 Imageinfo Project | 1 Imageinfo | 2024-05-17 | N/A | 7.8 HIGH |
| A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0612 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2024-05-17 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936. | |||||
| CVE-2023-0617 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2024-05-17 | N/A | 7.5 HIGH |
| A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219957 was assigned to this vulnerability. | |||||
| CVE-2022-4856 | 1 Modbustools | 1 Modbus Slave | 2024-05-17 | N/A | 7.8 HIGH |
| A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability. | |||||
| CVE-2022-4857 | 1 Modbustools | 1 Modbus Poll | 2024-05-17 | N/A | 7.8 HIGH |
| A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10065 | 1 Find Project | 1 Find | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability. | |||||
| CVE-2011-10005 | 1 Easyftp Server Project | 1 Easyftp Server | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716. | |||||
| CVE-2022-48657 | 1 Linux | 1 Linux Kernel | 2024-05-16 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow -- multiplying by 1000ULL instead should avoid that... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. | |||||