Total
4436 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23300 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 9.8 Critical |
| The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware. | ||||
| CVE-2023-23302 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 9.8 Critical |
| The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | ||||
| CVE-2023-23303 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 9.8 Critical |
| The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | ||||
| CVE-2022-24807 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 16 Debian Linux, Fedora, Net-snmp and 13 more | 2025-01-17 | 6.5 Medium |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | ||||
| CVE-2022-24805 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 16 Debian Linux, Fedora, Net-snmp and 13 more | 2025-01-17 | 6.5 Medium |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | ||||
| CVE-2021-46886 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46885 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46884 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46883 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46882 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2021-46881 | 1 Huawei | 1 Emui | 2025-01-16 | 7.5 High |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-43526 | 1 Qualcomm | 76 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 73 more | 2025-01-15 | 6.7 Medium |
| Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. | ||||
| CVE-2023-43524 | 1 Qualcomm | 114 Ar8035, Ar8035 Firmware, Fastconnect 6800 and 111 more | 2025-01-15 | 6.7 Medium |
| Memory corruption when the bandpass filter order received from AHAL is not within the expected range. | ||||
| CVE-2024-25817 | 1 Eza.rock | 1 Eza | 2025-01-15 | 7.8 High |
| Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. | ||||
| CVE-2023-2857 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-01-15 | 5.3 Medium |
| BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | ||||
| CVE-2022-22683 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2025-01-14 | 10 Critical |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-22687 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 9.8 Critical |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-48681 | 1 Huawei | 2 Egrt-00, Egrt-00 Firmware | 2025-01-14 | 7.2 High |
| Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail. | ||||
| CVE-2023-46283 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2025-01-14 | 7.5 High |
| A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. | ||||
| CVE-2024-21463 | 1 Qualcomm | 218 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 215 more | 2025-01-13 | 7.3 High |
| Memory corruption while processing Codec2 during v13k decoder pitch synthesis. | ||||