Total
992 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46552 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-09-11 | N/A | 9.8 CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. | |||||
CVE-2023-46564 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-09-11 | N/A | 9.8 CRITICAL |
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. | |||||
CVE-2024-27130 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | N/A | 8.8 HIGH |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | |||||
CVE-2024-27129 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | N/A | 8.8 HIGH |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | |||||
CVE-2024-27128 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | N/A | 8.8 HIGH |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | |||||
CVE-2023-51367 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | N/A | 8.8 HIGH |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | |||||
CVE-2023-50362 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | N/A | 8.8 HIGH |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | |||||
CVE-2023-50361 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | N/A | 8.8 HIGH |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | |||||
CVE-2024-42642 | 1 Crucial | 6 Ct1000mx500ssd1, Ct2000mx500ssd1, Ct250mx500ssd1 and 3 more | 2024-09-10 | N/A | 6.7 MEDIUM |
Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. | |||||
CVE-2024-41170 | 2024-09-10 | N/A | 7.8 HIGH | ||
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2024-43700 | 1 Philiphazel | 1 Xfpt | 2024-09-06 | N/A | 7.8 HIGH |
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment. | |||||
CVE-2023-39281 | 3 Amd, Insyde, Intel | 279 Athlon Gold 7220u, Athlon Silver 7120u, Ryzen3 5300u and 276 more | 2024-09-06 | N/A | 9.8 CRITICAL |
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. | |||||
CVE-2024-45158 | 2024-09-06 | N/A | 9.8 CRITICAL | ||
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.) | |||||
CVE-2024-1151 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-09-05 | N/A | 5.5 MEDIUM |
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. | |||||
CVE-2024-8408 | 1 Linksys | 2 Wrt54g, Wrt54g Firmware | 2024-09-05 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-47456 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-09-05 | N/A | 9.1 CRITICAL |
Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. | |||||
CVE-2024-44859 | 2024-09-05 | N/A | 8.0 HIGH | ||
Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`. | |||||
CVE-2024-42815 | 2024-09-03 | N/A | 9.8 CRITICAL | ||
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | |||||
CVE-2024-42941 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-09-03 | N/A | 7.5 HIGH |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
CVE-2024-42940 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-09-03 | N/A | 7.5 HIGH |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |