Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7581 | 1 Tendacn | 2 A301, A301 Firmware | 2024-08-07 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5948 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-08-07 | N/A | 8.8 HIGH |
| Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23170. | |||||
| CVE-2024-5950 | 1 Deepseaelectronics | 2 Dse855, Dse855 Firmware | 2024-08-07 | N/A | 8.8 HIGH |
| Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172. | |||||
| CVE-2016-20009 | 2 Siemens, Windriver | 15 Sgt-100, Sgt-100 Firmware, Sgt-200 and 12 more | 2024-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-38578 | 2 Insyde, Tianocore | 2 Kernel, Edk2 | 2024-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | |||||
| CVE-2018-14496 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance | |||||
| CVE-2018-11556 | 1 Littlecms | 1 Little Cms | 2024-08-05 | 6.8 MEDIUM | 7.8 HIGH |
| tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.” | |||||
| CVE-2018-11555 | 1 Littlecms | 1 Little Cms | 2024-08-05 | 6.8 MEDIUM | 7.8 HIGH |
| tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.” | |||||
| CVE-2018-5282 | 1 Kentico | 1 Kentico Cms | 2024-08-05 | 7.2 HIGH | 7.8 HIGH |
| Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework | |||||
| CVE-2019-25035 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25042 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-9719 | 1 Libav | 1 Libav | 2024-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided | |||||
| CVE-2020-36406 | 2 Linux, Uwebsockets Project | 2 Linux Kernel, Uwebsockets | 2024-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate | |||||
| CVE-2020-35702 | 1 Freedesktop | 1 Poppler | 2024-08-04 | 6.8 MEDIUM | 7.8 HIGH |
| DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects | |||||
| CVE-2020-28198 | 1 Ibm | 1 Tivoli Storage Manager | 2024-08-04 | 4.4 MEDIUM | 7.0 HIGH |
| The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-28371 | 1 Readytalk | 1 Avian | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-35457 | 1 Gnome | 1 Glib | 2024-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented | |||||
| CVE-2020-26561 | 1 Belkin | 2 Linksys Wrt 160nl, Linksys Wrt 160nl Firmware | 2024-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-24345 | 1 Jerryscript | 1 Jerryscript | 2024-08-04 | 6.8 MEDIUM | 7.8 HIGH |
| JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option | |||||
| CVE-2020-23904 | 1 Xiph | 1 Speex | 2024-08-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program. | |||||