Total
992 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30622 | 2024-08-13 | N/A | 9.8 CRITICAL | ||
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function. | |||||
CVE-2023-50809 | 2024-08-13 | N/A | 7.8 HIGH | ||
In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in remote code execution within the kernel. This affects Amp, Arc, Arc SL, Beam, Beam Gen 2, Beam SL, and Five. | |||||
CVE-2024-7502 | 1 Deltaww | 1 Diascreen | 2024-08-12 | N/A | 7.8 HIGH |
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | |||||
CVE-2024-31203 | 1 Proges | 1 Thermoscan Ip | 2024-08-12 | N/A | 5.5 MEDIUM |
A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition on the target component. | |||||
CVE-2019-16641 | 2024-08-12 | N/A | 8.4 HIGH | ||
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EG_RGOS 11.1(1)B1. | |||||
CVE-2024-32307 | 2024-08-09 | N/A | 7.4 HIGH | ||
Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | |||||
CVE-2024-40723 | 1 Changingtec | 1 Hwatai Servisign | 2024-08-09 | N/A | 4.3 MEDIUM |
The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service. | |||||
CVE-2024-40722 | 1 Changingtec | 1 Tcb Servisign | 2024-08-09 | N/A | 4.3 MEDIUM |
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service. | |||||
CVE-2024-5507 | 1 Luxion | 3 Keyshot, Keyshot Network Rendering, Keyshot Viewer | 2024-08-09 | N/A | 7.8 HIGH |
Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266. | |||||
CVE-2024-32317 | 2024-08-08 | N/A | 7.5 HIGH | ||
Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | |||||
CVE-2024-34217 | 2024-08-08 | N/A | 7.7 HIGH | ||
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. | |||||
CVE-2024-35579 | 2024-08-08 | N/A | 7.7 HIGH | ||
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. | |||||
CVE-2024-40414 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-07 | N/A | 9.8 CRITICAL |
A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||||
CVE-2024-40416 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-07 | N/A | 9.8 CRITICAL |
A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | |||||
CVE-2024-7581 | 1 Tendacn | 2 A301, A301 Firmware | 2024-08-07 | 9.0 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-5948 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-08-07 | N/A | 8.8 HIGH |
Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23170. | |||||
CVE-2024-5950 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-08-07 | N/A | 8.8 HIGH |
Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172. | |||||
CVE-2024-7441 | 1 Vivotek | 2 Sd9364, Sd9364 Firmware | 2024-08-07 | 9.0 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273526 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | |||||
CVE-2024-33217 | 2024-08-07 | N/A | 7.5 HIGH | ||
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. | |||||
CVE-2024-7439 | 1 Vivotek | 2 Cc8160, Cc8160 Firmware | 2024-08-06 | 9.0 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. |