CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7644 matches found

SUSE CVE•added 2024/05/03 2:9 a.m.•4 views

SUSE CVE-2024-27001

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall through the cracks. Depending on the hardware model, URBs can have either bulk or interrupt type, and...

5.5CVSS6.5AI score0.0028EPSS

Exploits0References16

NVD•added 2024/05/02 4:15 p.m.•14 views

CVE-2024-31963

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A...

6.4CVSS7.7AI score0.0025EPSS

Exploits0References1

Veracode•added 2024/05/02 10:1 a.m.•10 views

Out-of-Bounds Read

github.com/onosproject/onos-lib-go is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper bounds checking within the parseAlignBits function, which could allow an attacker to trigger an index out-of-range condition resulting in Denial of Service...

8.1CVSS6.8AI score0.00527EPSS

Exploits1References2Affected Software1

Veracode•added 2024/05/02 9:46 a.m.•14 views

Denial Of Service (DoS)

github.com/onosproject/rimedo-ts is vulnerable to Denial Of Service DoS. The vulnerability is due to inadequate bounds checking within reader.go, when accessing elements out of the slice bounds...

7.5CVSS6.8AI score0.00547EPSS

Exploits1References4Affected Software1

CNNVD•added 2024/05/02 12:0 a.m.•5 views

Mitel 6800 SIP 和 6900 SIP 安全漏洞

Mitel 6800 SIP and Mitel 6900 SIP are both products of Mitel Canada.Mitel 6800 SIP is a 6800 SIP series IP phone.Mitel 6900 SIP is a 6900 SIP series IP phone. A security vulnerability exists in the Mitel 6800 SIP and 6900 SIP that stems from insufficient boundary checking, and successful...

6.4CVSS7.2AI score0.0025EPSS

Exploits0References2

RedhatCVE•added 2024/05/01 7:19 p.m.•20 views

CVE-2024-27001

A flaw was found in the vmk80xx module in the Linux kernel. Incomplete endpoint checking can crash the system with paniconwarn, resulting in a denial of service...

5.5CVSS7.9AI score0.0028EPSS

Exploits0References4

NVD•added 2024/05/01 5:15 p.m.•16 views

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

5.9CVSS5.8AI score0.00494EPSS

Exploits0References1

CVE•added 2024/05/01 4:27 p.m.•69 views

CVE-2024-23480

CVE-2024-23480 affects Zscaler Client Connector on macOS prior to version 4.2. The vulnerability arises from a fallback mechanism in code-sign checking that could allow arbitrary code execution. Impact is described in sources as potentially total for exploitation paths, with local/low complexity ...

9.8CVSS7.4AI score0.00301EPSS

Exploits0References1Affected Software1

NVD•added 2024/05/01 7:15 a.m.•20 views

CVE-2024-32018

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...

9CVSS9.1AI score0.01466EPSS

Exploits2References4

NVD•added 2024/05/01 7:15 a.m.•18 views

CVE-2024-32017

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoapdnsserverproxyget function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...

9.8CVSS10AI score0.01476EPSS

Exploits2References5

NVD•added 2024/05/01 7:15 a.m.•10 views

CVE-2024-31225

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The onrdinit function does not implement a size check before copying data to the resultbuf static buffer. If an attacker can craft a long enough...

9CVSS8.7AI score0.01237EPSS

Exploits2References4

NVD•added 2024/05/01 6:15 a.m.•19 views

CVE-2024-27001

5.5CVSS7.5AI score0.0028EPSS

Exploits0References13

OSV•added 2024/05/01 6:15 a.m.•3 views

DEBIAN-CVE-2024-27001

5.5CVSS5.7AI score0.0028EPSS

Exploits0References1

UbuntuCve•added 2024/05/01 6:15 a.m.•19 views

CVE-2024-27001

5.5CVSS6.3AI score0.0028EPSS

Exploits0References24

OSV•added 2024/05/01 6:15 a.m.•2 views

UBUNTU-CVE-2024-27001

5.5CVSS6.2AI score0.0028EPSS

Exploits0References25

Vulnrichment•added 2024/05/01 6:14 a.m.•25 views

CVE-2024-32018 Ineffective size check due to assert() and buffer overflow in RIOT

8.8CVSS8.2AI score0.01466EPSS

Exploits2References4

CVE•added 2024/05/01 6:14 a.m.•59 views

CVE-2024-32018

CVE-2024-32018 affects RIOT OS, specifically the nimble_scanlist_update() function. The root cause is a len check performed via an assertion, with len subsequently used in memcpy(); if assertions are compiled out, an attacker-controlled len can overflow the fixed-length e->ad buffer. Impact ra...

9CVSS9.7AI score0.01466EPSS

Exploits2References4Affected Software1