Total
8576 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3933 | 1 Eclipse | 1 Openj9 | 2025-01-09 | 5.3 Medium |
| In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range. | ||||
| CVE-2023-25752 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-09 | 6.5 Medium |
| When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | ||||
| CVE-2024-35532 | 2025-01-08 | 9.1 Critical | ||
| An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running process, make SSRF requests, or cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2023-20731 | 3 Google, Linuxfoundation, Mediatek | 46 Android, Yocto, Mt6761 and 43 more | 2025-01-08 | 4.4 Medium |
| In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495. | ||||
| CVE-2023-20730 | 3 Google, Linuxfoundation, Mediatek | 8 Android, Yocto, Mt6985 and 5 more | 2025-01-08 | 4.4 Medium |
| In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573552. | ||||
| CVE-2023-20729 | 3 Google, Linuxfoundation, Mediatek | 8 Android, Yocto, Mt6985 and 5 more | 2025-01-08 | 4.4 Medium |
| In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575. | ||||
| CVE-2023-20727 | 3 Google, Linuxfoundation, Mediatek | 20 Android, Yocto, Mt6789 and 17 more | 2025-01-08 | 4.4 Medium |
| In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531. | ||||
| CVE-2023-20742 | 2 Google, Mediatek | 48 Android, Mt6735, Mt6737 and 45 more | 2025-01-07 | 4.4 Medium |
| In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628540. | ||||
| CVE-2023-20741 | 2 Google, Mediatek | 48 Android, Mt6735, Mt6737 and 45 more | 2025-01-07 | 4.4 Medium |
| In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628606. | ||||
| CVE-2023-20728 | 3 Google, Linuxfoundation, Mediatek | 40 Android, Yocto, Mt6781 and 37 more | 2025-01-07 | 4.4 Medium |
| In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603. | ||||
| CVE-2023-47583 | 1 Fujielectric | 1 Tellus | 2025-01-07 | 7.8 High |
| Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be executed. | ||||
| CVE-2023-31278 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2025-01-07 | 7.8 High |
| Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | ||||
| CVE-2023-27916 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2025-01-07 | 7.8 High |
| The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | ||||
| CVE-2023-32545 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2025-01-07 | 7.8 High |
| The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2023-32289 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2025-01-07 | 7.8 High |
| The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2023-32281 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2025-01-07 | 7.8 High |
| The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2024-48457 | 2025-01-07 | 7.5 High | ||
| An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the endpoint /cgi-bin/skk_set.cgi and binary /bin/scripts/start_wifi.sh | ||||
| CVE-2024-48456 | 2025-01-07 | 7.5 High | ||
| An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the parameter password at the change admin password page at the router web interface. | ||||
| CVE-2023-33537 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-01-07 | 8.1 High |
| TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. | ||||
| CVE-2023-33536 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-01-07 | 8.1 High |
| TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. | ||||