Total
11294 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0970 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-09-25 | 7.1 High |
| Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | ||||
| CVE-2023-0969 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-09-25 | 3.5 Low |
| A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | ||||
| CVE-2024-6259 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-25 | 7.6 High |
| BT: HCI: adv_ext_report Improper discarding in adv_ext_report | ||||
| CVE-2023-2262 | 1 Rockwellautomation | 66 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 63 more | 2024-09-25 | 9.8 Critical |
| A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device. | ||||
| CVE-2024-5303 | 1 Tungstenautomation | 1 Kofax Power Pdf | 2024-09-25 | 7.8 High |
| Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22919. | ||||
| CVE-2024-5302 | 1 Tungstenautomation | 1 Kofax Power Pdf | 2024-09-25 | 7.8 High |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22918. | ||||
| CVE-2024-5301 | 1 Tungstenautomation | 1 Kofax Power Pdf | 2024-09-25 | 7.8 High |
| Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22917. | ||||
| CVE-2024-31570 | 1 Freeimage Project | 1 Freeimage | 2024-09-25 | 9.8 Critical |
| libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | ||||
| CVE-2024-6154 | 1 Parallels | 1 Parallels Desktop | 2024-09-25 | 6.7 Medium |
| Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-20450. | ||||
| CVE-2023-43197 | 2 D-link, Dlink | 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware | 2024-09-25 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. | ||||
| CVE-2023-43198 | 2 D-link, Dlink | 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware | 2024-09-25 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. | ||||
| CVE-2023-43199 | 2 D-link, Dlink | 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware | 2024-09-25 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. | ||||
| CVE-2023-43200 | 2 D-link, Dlink | 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware | 2024-09-25 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. | ||||
| CVE-2023-43201 | 2 D-link, Dlink | 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware | 2024-09-25 | 9.8 Critical |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. | ||||
| CVE-2023-43196 | 2 D-link, Dlink | 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware | 2024-09-25 | 9.8 Critical |
| D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. | ||||
| CVE-2023-43235 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-09-25 | 9.8 Critical |
| D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. | ||||
| CVE-2023-43240 | 2 D-link, Dlink | 3 Dir-816 A2, Dir-816 A2, Dir-816 A2 Firmware | 2024-09-25 | 9.8 Critical |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. | ||||
| CVE-2023-43241 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-09-25 | 9.8 Critical |
| D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. | ||||
| CVE-2024-29218 | 1 Keyence | 2 Kv Replay Viewer, Kv Studio | 2024-09-25 | 8.8 High |
| Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. | ||||
| CVE-2024-20017 | 1 Mediatek | 5 Mt6890, Mt7915, Mt7916 and 2 more | 2024-09-25 | 9.8 Critical |
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132. | ||||