| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. |
| An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. |
| `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options. |
| Memory Corruption in SIM management while USIMPhase2init |
| Memory Corruption in IMS while calling VoLTE Streamingmedia Interface |
| An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.
|
| Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure. |
| Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. |
| Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. |
| Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. |
| Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. |
| Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . |
| Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. |
| TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. |
| Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. |
