Search Results (21073 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45306 1 Vim 1 Vim 2024-11-21 4.5 Medium
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.
CVE-2024-41815 1 Starship 1 Starship 2024-11-21 7.4 High
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability.
CVE-2024-41473 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 8 High
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac
CVE-2024-41468 2 Tenda, Tendacn 3 Fh1201, Fh1201, Fh1201 Firmware 2024-11-21 9.8 Critical
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand
CVE-2024-41466 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 7.5 High
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.
CVE-2024-41465 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 7.5 High
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm.
CVE-2024-41464 2 Tenda, Tendacn 3 Fh1201, Fh1201, Fh1201 Firmware 2024-11-21 9.8 Critical
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic
CVE-2024-41463 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 4.3 Medium
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat.
CVE-2024-41462 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 4.3 Medium
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.
CVE-2024-41461 2 Tenda, Tendacn 3 Fh1201, Fh1201, Fh1201 Firmware 2024-11-21 9.8 Critical
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.
CVE-2024-41460 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 6.5 Medium
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.
CVE-2024-41459 2 Tenda, Tendacn 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware 2024-11-21 8.8 High
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.
CVE-2024-41439 1 Dbohdan 1 Hicolor 2024-11-21 5.5 Medium
A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVE-2024-41136 1 Arubanetworks 1 Edgeconnect Sd-wan Orchestrator 2024-11-21 6.8 Medium
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2024-41132 1 Sixlabors 1 Imagesharp 2024-11-21 5.3 Medium
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
CVE-2024-41131 1 Sixlabors 1 Imagesharp 2024-11-21 7.5 High
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
CVE-2024-40764 1 Sonicwall 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more 2024-11-21 7.5 High
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
CVE-2024-40416 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 6.5 Medium
A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40415 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 9.8 Critical
A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40414 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 9.6 Critical
A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.