| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process. |
| An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_ind(), there is no input validation check on a length coming from userspace, which can lead to integer overflow and a potential heap over-read. |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory. |
| Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected. |
| By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. |
| Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function. |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function. |
| Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. |
| Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. |
| Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. |
| Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function. |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function. |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function. |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function. |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys parameter from fromAddressNat function. |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTime parameter from setSchedWifi function. |
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId parameter from saveParentControlInfo function. |
