Vulnerabilities (CVE)

Filtered by CWE-120
Total 710 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28972 3 Fedoraproject, Linux, Netapp 5 Fedora, Linux Kernel, Cloud Backup and 2 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.
CVE-2021-28202 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28201 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28200 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28199 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28198 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28197 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28196 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28195 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28194 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28193 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28192 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28191 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28190 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28189 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28188 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28187 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28186 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28185 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28184 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.