Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1016 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-03-10 | 9.8 Critical |
| Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2023-25235 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2025-03-10 | 7.5 High |
| Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid. | ||||
| CVE-2023-25234 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2025-03-10 | 9.8 Critical |
| Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface. | ||||
| CVE-2023-25231 | 1 Tenda | 2 W30e, W30e Firmware | 2025-03-10 | 9.8 Critical |
| Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | ||||
| CVE-2023-24118 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2025-03-10 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-50209 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21442. | ||||
| CVE-2023-50208 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21441. | ||||
| CVE-2023-50210 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21662. | ||||
| CVE-2023-50211 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21663. | ||||
| CVE-2023-25233 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2025-03-10 | 9.8 Critical |
| Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | ||||
| CVE-2023-24126 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2025-03-07 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-24125 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2025-03-07 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-24121 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2025-03-07 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-24120 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2025-03-07 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-24119 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2025-03-07 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-22751 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 9.8 Critical |
| There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-34970 | 1 Arm | 2 Mali Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-03-07 | 4.7 Medium |
| A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory | ||||
| CVE-2024-38638 | 2025-03-07 | N/A | ||
| An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QuTS hero h5.1.9.2954 build 20241120 and later | ||||
| CVE-2024-53697 | 2025-03-07 | N/A | ||
| An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | ||||
| CVE-2024-53699 | 2025-03-07 | N/A | ||
| An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | ||||