Export limit exceeded: 21075 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21075 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47116 | 1 Tenda | 2 A15, A15 Firmware | 2025-04-10 | 7.5 High |
| Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd. | ||||
| CVE-2022-43448 | 1 Fujielectric | 2 Tellus, V-sft | 2025-04-10 | 7.8 High |
| Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. | ||||
| CVE-2022-40740 | 1 Realtek | 2 Usdk, Xpon Software Development Kit | 2025-04-10 | 7.2 High |
| Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | ||||
| CVE-2022-42270 | 1 Nvidia | 9 Jetson Agx Xavier, Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb and 6 more | 2025-04-10 | 7.8 High |
| NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service. | ||||
| CVE-2022-46304 | 1 Changingtec | 1 Servisign | 2025-04-10 | 8.8 High |
| ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service. | ||||
| CVE-2022-32637 | 2 Google, Mediatek | 12 Android, Mt6781, Mt6785 and 9 more | 2025-04-10 | 6.7 Medium |
| In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374. | ||||
| CVE-2022-32636 | 2 Google, Mediatek | 51 Android, Mt6580, Mt6731 and 48 more | 2025-04-10 | 6.7 Medium |
| In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064. | ||||
| CVE-2022-47908 | 1 Fujielectric | 1 V-server | 2025-04-10 | 7.8 High |
| Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. | ||||
| CVE-2022-44428 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 5.5 Medium |
| In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | ||||
| CVE-2022-44427 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 5.5 Medium |
| In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | ||||
| CVE-2022-43538 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43537 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43536 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-32647 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2025-04-10 | 6.7 Medium |
| In ccu, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554646; Issue ID: ALPS07554646. | ||||
| CVE-2022-32646 | 2 Google, Mediatek | 24 Android, Mt6761, Mt6765 and 21 more | 2025-04-10 | 6.7 Medium |
| In gpu drm, there is a possible stack overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363501; Issue ID: ALPS07363501. | ||||
| CVE-2022-32640 | 2 Google, Mediatek | 57 Android, Mt6580, Mt6731 and 54 more | 2025-04-10 | 6.7 Medium |
| In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441652; Issue ID: ALPS07441652. | ||||
| CVE-2024-51251 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. | ||||
| CVE-2024-51253 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. | ||||
| CVE-2024-45882 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.` | ||||
| CVE-2024-45884 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.` | ||||