Search Results (23189 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39349 1 Synology 4 Bc500, Bc500 Firmware, Tc500 and 1 more 2025-04-10 9.8 Critical
A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVE-2024-2899 1 Tenda 2 Ac7, Ac7 Firmware 2025-04-10 8.8 High
A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2978 1 Tenda 2 F1203, F1203 Firmware 2025-04-10 8.8 High
A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2983 1 Tenda 2 Fh1202, Fh1202 Firmware 2025-04-10 8.8 High
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2987 1 Tenda 2 Fh1202, Fh1202 Firmware 2025-04-10 8.8 High
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-30593 1 Tenda 2 Fh1202, Fh1202 Firmware 2025-04-10 9.8 Critical
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function.
CVE-2024-30584 1 Tenda 2 Fh1202, Fh1202 Firmware 2025-04-10 9.8 Critical
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.
CVE-2024-30602 1 Tenda 2 Fh1203, Fh1203 Firmware 2025-04-10 9.8 Critical
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.
CVE-2025-25634 1 Tenda 2 Ac15, Ac15 Firmware 2025-04-10 6.5 Medium
A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.
CVE-2022-4801 1 Usememos 1 Memos 2025-04-10 5.3 Medium
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-42270 1 Nvidia 9 Jetson Agx Xavier, Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb and 6 more 2025-04-10 7.8 High
NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.
CVE-2022-46360 1 Fujielectric 2 Tellus, V-sft 2025-04-10 7.8 High
Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2022-41645 1 Fujielectric 1 V-server 2025-04-10 7.8 High
Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.
CVE-2022-4813 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-44428 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44427 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-32641 2 Google, Mediatek 57 Android, Mt6580, Mt6731 and 54 more 2025-04-10 6.7 Medium
In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453594; Issue ID: ALPS07453594.
CVE-2022-32639 2 Google, Mediatek 19 Android, Mt6739, Mt6768 and 16 more 2025-04-10 4.4 Medium
In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494487; Issue ID: ALPS07494487.
CVE-2024-9099 1 Lunary 1 Lunary 2025-04-10 8.1 High
In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to perform actions on behalf of the project, access private data, and delete resources. The private API keys are exposed in the developer tools when the endpoint is called from the frontend.
CVE-2022-4378 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Rhel Aus and 6 more 2025-04-10 7.8 High
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.