Export limit exceeded: 19010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38621 | 1 Linux | 1 Linux Kernel | 2025-11-04 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition is reversed that means the result of the subtraction is always negative but since it's unsigned then the result is a very high positive value. That means the overflow check is never true. Additionally, the ->bytesused doesn't actually work for this purpose because we're not writing to "buf->mem + buf->bytesused". Instead, the math to calculate the destination where we are writing is a bit involved. You calculate the number of full lines already written, multiply by two, skip a line if necessary so that we start on an odd numbered line, and add the offset into the line. To fix this buffer overflow, just take the actual destination where we are writing, if the offset is already out of bounds print an error and return. Otherwise, write up to buf->length bytes. | ||||
| CVE-2024-36016 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Rhel Aus and 3 more | 2025-11-04 | 7.7 High |
| In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size. | ||||
| CVE-2024-32937 | 1 Grandstream | 2 Gxp2135, Gxp2135 Firmware | 2025-11-04 | 8.1 High |
| An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | ||||
| CVE-2024-21778 | 3 Level1, Levelone, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr-6013 and 2 more | 2025-11-04 | 7.2 High |
| A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability. | ||||
| CVE-2023-52628 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-11-04 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961). | ||||
| CVE-2023-50383 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `localPin` request's parameter. | ||||
| CVE-2023-50382 | 3 Level1, Levelone, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr-6013 and 2 more | 2025-11-04 | 7.2 High |
| Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `peerPin` request's parameter. | ||||
| CVE-2023-50381 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter. | ||||
| CVE-2023-50330 | 3 Level1, Levelone, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr-6013 and 2 more | 2025-11-04 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2023-50244 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter. | ||||
| CVE-2023-50243 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter. | ||||
| CVE-2023-50240 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter. | ||||
| CVE-2023-50239 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter. | ||||
| CVE-2023-49867 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2023-49595 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2023-49073 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2023-48270 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2023-47856 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2023-47212 | 3 Fedoraproject, Nothings, Stb Vorbis Project | 3 Fedora, Stb Vorbis.c, Stb Vorbis | 2025-11-04 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-45215 | 3 Level1, Level One, Realtek | 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more | 2025-11-04 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||