Total
992 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43239 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. | |||||
| CVE-2023-43238 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. | |||||
| CVE-2023-43237 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. | |||||
| CVE-2023-43236 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. | |||||
| CVE-2023-43203 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. | |||||
| CVE-2024-45415 | 2024-09-20 | N/A | 9.8 CRITICAL | ||
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. | |||||
| CVE-2024-45414 | 2024-09-20 | N/A | 9.8 CRITICAL | ||
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. | |||||
| CVE-2024-45413 | 2024-09-20 | N/A | 8.1 HIGH | ||
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability. | |||||
| CVE-2024-44589 | 2024-09-20 | N/A | 8.8 HIGH | ||
| Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code. | |||||
| CVE-2024-46049 | 1 Tenda | 2 O6, O6 Firmware | 2024-09-20 | N/A | 9.8 CRITICAL |
| Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. | |||||
| CVE-2024-46047 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | N/A | 7.5 HIGH |
| Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. | |||||
| CVE-2024-46046 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | N/A | 9.8 CRITICAL |
| Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. | |||||
| CVE-2024-46045 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2024-09-20 | N/A | 9.8 CRITICAL |
| Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. | |||||
| CVE-2024-46044 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2024-09-20 | N/A | 9.8 CRITICAL |
| CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | |||||
| CVE-2024-6146 | 1 Actiontec | 2 Wcb6200q, Wcb6200q Firmware | 2024-09-19 | N/A | 8.8 HIGH |
| Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21418. | |||||
| CVE-2024-6144 | 1 Actiontec | 2 Wcb6200q, Wcb6200q Firmware | 2024-09-19 | N/A | 8.8 HIGH |
| Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21416. | |||||
| CVE-2023-35012 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2024-09-19 | N/A | 6.7 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. | |||||
| CVE-2024-5931 | 1 Zephyrproject | 1 Zephyr | 2024-09-19 | N/A | 6.5 MEDIUM |
| BT: Unchecked user input in bap_broadcast_assistant | |||||
| CVE-2024-6137 | 1 Zephyrproject | 1 Zephyr | 2024-09-19 | N/A | 6.5 MEDIUM |
| BT: Classic: SDP OOB access in get_att_search_list | |||||
| CVE-2023-50225 | 2024-09-18 | N/A | 6.8 MEDIUM | ||
| TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-21819. | |||||