Export limit exceeded: 21072 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (21072 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37091 1 Stylemixthemes 2 Consulting Elementor Widgets, Masterstudy Elementor Widgets 2024-11-21 9.9 Critical
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.
CVE-2024-37077 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2024-37066 1 Wyze 2 Cam V4, Cam V4 Firmware 2024-11-21 6.8 Medium
A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.
CVE-2024-37036 1 Schneider-electric 7 Sage 1410, Sage 1430, Sage 1450 and 4 more 2024-11-21 9.8 Critical
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
CVE-2024-37022 1 Fujielectric 1 Tellus Lite V-simulator 2024-11-21 7.8 High
Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.
CVE-2024-36501 1 Huawei 2 Emui, Harmonyos 2024-11-21 5.6 Medium
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity.
CVE-2024-36475 1 Centurysys 35 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 32 more 2024-11-21 7.2 High
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
CVE-2024-36394 1 Sysaid 1 Sysaid 2024-11-21 9.1 Critical
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-36260 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2024-36243 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.
CVE-2024-35116 1 Ibm 2 Mq, Mq Appliance 2024-11-21 5.9 Medium
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.
CVE-2024-34364 1 Envoyproxy 1 Envoy 2024-11-21 5.7 Medium
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
CVE-2024-34115 1 Adobe 1 Substance 3d Stager 2024-11-21 7.8 High
Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-34026 1 Openplcproject 2 Openplc V3, Openplc V3 Firmware 2024-11-21 9 Critical
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
CVE-2024-33182 1 Tendacn 2 Ac18, Ac18 Firmware 2024-11-21 8.3 High
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.
CVE-2024-33180 2 Tenda, Tendacn 3 Ac18, Ac18, Ac18 Firmware 2024-11-21 9.8 Critical
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
CVE-2024-32913 1 Google 1 Android 2024-11-21 9.8 Critical
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-32909 1 Google 2 Android, Pixel 2024-11-21 8.1 High
In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-32905 1 Google 1 Android 2024-11-21 9.8 Critical
In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-32903 1 Google 1 Android 2024-11-21 7.8 High
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.