Export limit exceeded: 21014 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21014 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26613 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-11-27 | 9.8 Critical |
| An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. | ||||
| CVE-2023-36143 | 1 Maxprintisp | 2 Maxlink 1200g, Maxlink 1200g Firmware | 2024-11-27 | 8.8 High |
| Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device. | ||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-26134 | 1 Git-commit-info Project | 1 Git-commit-info | 2024-11-27 | 9.8 Critical |
| Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content. | ||||
| CVE-2022-44720 | 1 Ucopia | 3 Weblib, Wireless Appliance, Wireless Appliance Firmware | 2024-11-27 | 9.8 Critical |
| An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot. | ||||
| CVE-2023-26085 | 1 Arm | 1 Nn Android Neural Networks Driver | 2024-11-27 | 7.8 High |
| A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. | ||||
| CVE-2020-19186 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2024-11-27 | 6.5 Medium |
| Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | ||||
| CVE-2023-38857 | 1 Faad2 Project | 1 Faad2 | 2024-11-26 | 5.5 Medium |
| Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. | ||||
| CVE-2024-7352 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2024-11-26 | 7.8 High |
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23550. | ||||
| CVE-2024-9114 | 1 Faststone | 1 Image Viewer | 2024-11-26 | 7.8 High |
| FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145. | ||||
| CVE-2023-23325 | 1 Zumtobel | 2 Netlink Ccd, Netlink Ccd Firmware | 2024-11-26 | 9.8 Critical |
| Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. | ||||
| CVE-2023-48105 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2024-11-26 | 7.5 High |
| An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. | ||||
| CVE-2023-49046 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-26 | 9.8 Critical |
| Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. | ||||
| CVE-2024-21980 | 1 Amd | 174 Epyc 7003 Firmware, Epyc 7203, Epyc 7203 Firmware and 171 more | 2024-11-26 | 7.9 High |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. | ||||
| CVE-2023-31355 | 1 Amd | 172 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 169 more | 2024-11-26 | 6 Medium |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. | ||||
| CVE-2023-46157 | 1 Mgt-commerce | 1 Cloudpanel | 2024-11-26 | 8.8 High |
| File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. | ||||
| CVE-2023-20760 | 2 Google, Mediatek | 5 Android, Mt6879, Mt6895 and 2 more | 2024-11-26 | 6.7 Medium |
| In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578. | ||||
| CVE-2023-21640 | 1 Qualcomm | 13 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 10 more | 2024-11-26 | 6.7 Medium |
| Memory corruption in Linux when the file upload API is called with parameters having large buffer. | ||||
| CVE-2024-23356 | 1 Qualcomm | 422 Aqt1000, Aqt1000 Firmware, Ar8031 and 419 more | 2024-11-26 | 7.8 High |
| Memory corruption during session sign renewal request calls in HLOS. | ||||