Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34571 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-01-06 | N/A | 6.7 MEDIUM |
| Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet. | |||||
| CVE-2023-0667 | 1 Wireshark | 1 Wireshark | 2025-01-06 | N/A | 6.5 MEDIUM |
| Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark | |||||
| CVE-2023-33658 | 1 Emqx | 1 Nanomq | 2025-01-06 | N/A | 7.5 HIGH |
| A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack. | |||||
| CVE-2023-34570 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-01-06 | N/A | 6.7 MEDIUM |
| Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName. | |||||
| CVE-2023-34567 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-01-06 | N/A | 6.7 MEDIUM |
| Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | |||||
| CVE-2023-34613 | 1 Sojo Project | 1 Sojo | 2025-01-06 | N/A | 7.5 HIGH |
| An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34611 | 1 Mjson Project | 1 Mjson | 2025-01-06 | N/A | 7.5 HIGH |
| An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34614 | 1 Jsonij Project | 1 Jsonij | 2025-01-06 | N/A | 7.5 HIGH |
| An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34610 | 1 Json-io Project | 1 Json-io | 2025-01-06 | N/A | 7.5 HIGH |
| An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34624 | 1 Htmlcleaner Project | 1 Htmlcleaner | 2025-01-06 | N/A | 7.5 HIGH |
| An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34612 | 1 Ph-json Project | 1 Ph-json | 2025-01-06 | N/A | 7.5 HIGH |
| An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34609 | 1 Flexjson Project | 1 Flexjson | 2025-01-06 | N/A | 7.5 HIGH |
| An issue was discovered flexjson thru 3.3 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34364 | 1 Progress | 1 Datadirect Odbc Oracle Wire Protocol Driver | 2025-01-06 | N/A | 9.8 CRITICAL |
| A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code. | |||||
| CVE-2023-28478 | 1 Tp-link | 2 Ec70, Ec70 Firmware | 2025-01-06 | N/A | 8.8 HIGH |
| TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. | |||||
| CVE-2023-37712 | 1 Tenda | 6 Ac1206, Ac1206 Firmware, F1202 and 3 more | 2025-01-06 | N/A | 9.8 CRITICAL |
| Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function. | |||||
| CVE-2023-26965 | 1 Libtiff | 1 Libtiff | 2025-01-06 | N/A | 5.5 MEDIUM |
| loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. | |||||
| CVE-2023-34940 | 1 Asus | 2 Rt-n10lx, Rt-n10lx Firmware | 2025-01-06 | N/A | 7.5 HIGH |
| Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-48229 | 1 Contiki-ng | 1 Contiki-ng | 2025-01-06 | N/A | 7.6 HIGH |
| Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the "develop" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741. | |||||
| CVE-2023-29160 | 1 Fujielectric | 1 Frenic Rhc Loader | 2025-01-03 | N/A | 7.8 HIGH |
| Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. | |||||
| CVE-2023-29562 | 1 Tp-link | 2 Tl-wpa7510, Tl-wpa7510 Firmware | 2025-01-03 | N/A | 9.8 CRITICAL |
| TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. | |||||