Total
3194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9565 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9564 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9563 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9562 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9561 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9559 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9557 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9556 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9558 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9555 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-49040 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 4.4 MEDIUM |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. | |||||
| CVE-2022-49041 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 4.4 MEDIUM |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. | |||||
| CVE-2023-52946 | 1 Synology | 1 Drive Client | 2024-10-08 | N/A | 8.2 HIGH |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. | |||||
| CVE-2024-41176 | 1 Beckhoff | 2 Mdp Package, Twincat\/bsd | 2024-10-01 | N/A | 7.3 HIGH |
| The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request. | |||||
| CVE-2024-23972 | 1 Sony | 2 Xav-ax5500, Xav-ax5500 Firmware | 2024-09-30 | N/A | 6.8 MEDIUM |
| Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185 | |||||
| CVE-2024-9088 | 1 Razormist | 1 Telecom Billing Management System | 2024-09-26 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-23934 | 2024-09-26 | N/A | 8.8 HIGH | ||
| Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. . Was ZDI-CAN-22994. | |||||
| CVE-2024-23933 | 2024-09-26 | N/A | 6.8 MEDIUM | ||
| Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238 | |||||
| CVE-2024-41433 | 2024-09-25 | N/A | 9.8 CRITICAL | ||
| PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCAP maintains that the actual reproduction of this issue did not cause the security impact of service interruption to other users. They argue that this is a complex query bug and not a DoS vulnerability. | |||||
| CVE-2024-34057 | 2 Siemens, Trianglemicroworks | 9 Sicam A8000, Sicam A8000 Firmware, Sicam Egs and 6 more | 2024-09-25 | N/A | 7.5 HIGH |
| Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service. | |||||