Export limit exceeded: 364697 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364697 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-51013 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-51015 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
CVE-2024-51017 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-51018 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-51019 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-51020 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-52028 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-52029 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-52030 1 Netgear 2 R7000p, R7000p Firmware 2025-05-02 5.7 Medium
Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2017-9844 1 Sap 1 Netweaver 2025-05-02 7.5 High
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service.
CVE-2022-37912 1 Arubanetworks 2 Arubaos, Sd-wan 2025-05-02 7.2 High
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2022-37903 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 7.2 High
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.
CVE-2022-37902 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 7.2 High
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2022-24309 1 Mendix 1 Mendix 2025-05-02 6.8 Medium
A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data.
CVE-2016-1585 1 Canonical 1 Apparmor 2025-05-02 9.8 Critical
In all versions of AppArmor mount rules are accidentally widened when compiled.
CVE-2022-44622 1 Jetbrains 1 Teamcity 2025-05-02 2.7 Low
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2022-3023 1 Pingcap 1 Tidb 2025-05-02 9.8 Critical
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.
CVE-2024-36742 1 Oneflow 1 Oneflow 2025-05-02 7.5 High
An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.
CVE-2022-39393 1 Bytecodealliance 1 Wasmtime 2025-05-02 8.6 High
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`.
CVE-2024-36737 1 Oneflow 1 Oneflow 2025-05-02 7.5 High
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.