Search Results (20405 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-29176 1 Dell 11 Apex Protection Storage, Data Domain Operating System, Dd3300 and 8 more 2024-11-21 8.8 High
Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
CVE-2024-28970 1 Dell 28 G7 7500, G7 7500 Firmware, G7 7700 and 25 more 2024-11-21 4.7 Medium
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
CVE-2024-28553 1 Tenda 1 Ac18 Firmware 2024-11-21 9.8 Critical
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.
CVE-2024-28535 1 Tenda 1 Ac18 Firmware 2024-11-21 8 High
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.
CVE-2024-27459 1 Openvpn 1 Openvpn 2024-11-21 7.8 High
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
CVE-2024-25448 1 Enlightenment 1 Imlib2 2024-11-21 8.8 High
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVE-2024-24920 1 Siemens 1 Simcenter Femap 2024-11-21 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710)
CVE-2024-24623 1 Softaculous 1 Webuzo 2024-11-21 8.8 High
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.
CVE-2024-24622 1 Softaculous 1 Webuzo 2024-11-21 8.8 High
Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.
CVE-2024-24328 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
CVE-2024-24326 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
CVE-2024-23812 1 Siemens 1 Sinec Nms 2024-11-21 8 High
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection.
CVE-2024-23804 1 Siemens 1 Tecnomatix Plant Simulation 2024-11-21 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-23798 1 Siemens 1 Tecnomatix Plant Simulation 2024-11-21 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-23797 1 Siemens 1 Tecnomatix Plant Simulation 2024-11-21 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-23796 1 Siemens 1 Tecnomatix Plant Simulation 2024-11-21 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-23110 1 Fortinet 1 Fortios 2024-11-21 7.4 High
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands
CVE-2024-23058 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVE-2024-23057 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVE-2024-22916 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-11-21 9.8 Critical
In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.