Vulnerabilities (CVE)

Filtered by CWE-120
Total 710 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-57577 1 Tenda 2 Ac18, Ac18 Firmware 2025-03-17 N/A 5.7 MEDIUM
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
CVE-2024-25373 1 Tenda 2 Ac10, Ac10 Firmware 2025-03-17 N/A 4.6 MEDIUM
Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function.
CVE-2024-27878 1 Apple 1 Macos 2025-03-13 N/A 6.7 MEDIUM
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app with root privileges may be able to execute arbitrary code with kernel privileges.
CVE-2023-52365 1 Huawei 2 Emui, Harmonyos 2025-03-13 N/A 5.3 MEDIUM
Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-52364 1 Huawei 2 Emui, Harmonyos 2025-03-13 N/A 6.3 MEDIUM
Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds write.
CVE-2023-52551 1 Huawei 2 Emui, Harmonyos 2025-03-13 N/A 5.3 MEDIUM
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-25900 2025-03-13 N/A 4.9 MEDIUM
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2023-20624 2 Google, Mediatek 16 Android, Mt6789, Mt6833 and 13 more 2025-03-06 N/A 6.7 MEDIUM
In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530.
CVE-2025-0689 2025-03-05 N/A 6.4 MEDIUM
When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.
CVE-2023-1161 1 Wireshark 1 Wireshark 2025-03-05 N/A 6.3 MEDIUM
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
CVE-2025-1899 1 Tenda 2 Tx3, Tx3 Firmware 2025-03-05 6.8 MEDIUM 6.5 MEDIUM
A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1895 1 Tenda 2 Tx3, Tx3 Firmware 2025-03-05 6.8 MEDIUM 6.5 MEDIUM
A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-5463 1 Synology 4 Bc500, Bc500 Firmware, Tc500 and 1 more 2025-03-04 N/A 6.5 MEDIUM
A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.
CVE-2025-1898 2025-03-04 6.8 MEDIUM 6.5 MEDIUM
A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1897 2025-03-04 6.8 MEDIUM 6.5 MEDIUM
A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1896 2025-03-04 6.8 MEDIUM 6.5 MEDIUM
A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1786 2025-03-03 4.3 MEDIUM 5.3 MEDIUM
A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-25280 2025-03-03 N/A 5.3 MEDIUM
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.
CVE-2024-2331 1 Razormist 1 Tourist Reservation System 2025-02-26 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.
CVE-2025-25474 2025-02-20 N/A 6.5 MEDIUM
DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.