Export limit exceeded: 364308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364308 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46596 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-11 | 9.8 Critical |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function. | ||||
| CVE-2022-46583 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-11 | 9.8 Critical |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reboot_type parameter in the wizard_ipv6 (sub_41C380) function. | ||||
| CVE-2022-44564 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | 7.8 High |
| Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. | ||||
| CVE-2022-41579 | 1 Huawei | 2 Hota-fara-b19, Hota-fara-b19 Firmware | 2025-04-11 | 6.5 Medium |
| There is an insufficient authentication vulnerability in some Huawei band products. Successful exploit could allow the attacker to spoof then connect to the band. | ||||
| CVE-2022-39012 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | 7.5 High |
| Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitation may cause the watch's application service abnormal. | ||||
| CVE-2022-2584 | 1 Protocol | 1 Go-codec-dagpb | 2025-04-11 | 7.5 High |
| The dag-pb codec can panic when decoding invalid blocks. | ||||
| CVE-2022-2583 | 1 Gobase Project | 1 Gobase | 2025-04-11 | 3.7 Low |
| A race condition can cause incorrect HTTP request routing. | ||||
| CVE-2022-2582 | 1 Amazon | 1 Aws Software Development Kit | 2025-04-11 | 4.3 Medium |
| The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it. | ||||
| CVE-2021-4238 | 2 Goutils Project, Redhat | 5 Goutils, Openshift, Openshift Data Foundation and 2 more | 2025-04-11 | 9.1 Critical |
| Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. | ||||
| CVE-2021-4236 | 1 Web Project | 1 Web | 2025-04-11 | 9.8 Critical |
| Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable. | ||||
| CVE-2021-4235 | 2 Redhat, Yaml Project | 3 Openshift, Openshift Data Foundation, Yaml | 2025-04-11 | 5.5 Medium |
| Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. | ||||
| CVE-2020-36567 | 2 Gin-gonic, Redhat | 3 Gin, Migration Toolkit Applications, Rhmt | 2025-04-11 | 7.5 High |
| Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines. | ||||
| CVE-2020-36566 | 1 Tar-utils Project | 1 Tar-utils | 2025-04-11 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36564 | 1 Nosurf Project | 1 Nosurf | 2025-04-11 | 7.5 High |
| Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid. | ||||
| CVE-2020-36563 | 1 Robotsandpencils | 1 Go-saml | 2025-04-11 | 5.3 Medium |
| XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input. | ||||
| CVE-2020-36562 | 1 Dht Project | 1 Dht | 2025-04-11 | 7.5 High |
| Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector. | ||||
| CVE-2020-36561 | 1 Unzip Project | 1 Unzip | 2025-04-11 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36560 | 1 Go-unzip Project | 1 Go-unzip | 2025-04-11 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36559 | 1 Aahframework | 1 Aah | 2025-04-11 | 7.5 High |
| Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | ||||
| CVE-2019-25072 | 1 Tendermint | 1 Tendermint | 2025-04-11 | 7.5 High |
| Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector. | ||||