Total
3475 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51015 | 1 Netgear | 1 R7000p Firmware | 2024-11-05 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51014 | 1 Netgear | 1 Xr300 Firmware | 2024-11-05 | 5.7 Medium |
| Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51013 | 1 Netgear | 1 R7000p Firmware | 2024-11-05 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51012 | 1 Netgear | 1 R8500 Firmware | 2024-11-05 | 5.7 Medium |
| Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51011 | 1 Netgear | 3 R6400 Firmware, R7000p Firmware, Xr300 Firmware | 2024-11-05 | 5.7 Medium |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51007 | 1 Netgear | 1 Xr300 Firmware | 2024-11-05 | 5.7 Medium |
| Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51003 | 1 Netgear | 4 R6400 Firmware, R7000p Firmware, R8500 Firmware and 1 more | 2024-11-05 | 5.7 Medium |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-44233 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-04 | 6.5 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | ||||
| CVE-2024-44234 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-04 | 6.5 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | ||||
| CVE-2024-44232 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-04 | 6.5 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | ||||
| CVE-2024-48289 | 2024-11-04 | 6.5 Medium | ||
| An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet. | ||||
| CVE-2024-10467 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-11-04 | 9.8 Critical |
| Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | ||||
| CVE-2024-44218 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2024-11-01 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. Processing a maliciously crafted file may lead to heap corruption. | ||||
| CVE-2021-46746 | 2024-10-31 | 5.2 Medium | ||
| Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service. | ||||
| CVE-2024-42011 | 1 Spotify | 1 Spotify App | 2024-10-30 | 7.5 High |
| The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat. | ||||
| CVE-2024-10371 | 2 Razormist, Sourcecodester | 2 Payroll Management System, Payroll Management System | 2024-10-30 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44144 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-10-29 | 5.5 Medium |
| A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination. | ||||
| CVE-2024-48426 | 1 Assimp | 1 Assimp | 2024-10-29 | 6.2 Medium |
| A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971). | ||||
| CVE-2024-48425 | 1 Assimp | 1 Assimp | 2024-10-28 | 5.5 Medium |
| A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference. | ||||
| CVE-2024-48424 | 1 Assimp | 1 Assimp | 2024-10-28 | 5.5 Medium |
| A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. | ||||