Total
2430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39668 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. | |||||
CVE-2023-39667 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function. | |||||
CVE-2023-39665 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter. | |||||
CVE-2024-28570 | 2024-08-02 | N/A | 5.5 MEDIUM | ||
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format. | |||||
CVE-2023-29856 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary. | |||||
CVE-2023-26930 | 1 Xpdfreader | 1 Xpdf | 2024-08-02 | N/A | 5.5 MEDIUM |
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.” | |||||
CVE-2023-26924 | 1 Llvm | 1 Llvm | 2024-08-02 | N/A | 5.5 MEDIUM |
LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior." | |||||
CVE-2023-0687 | 1 Gnu | 1 Glibc | 2024-08-02 | 4.0 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. | |||||
CVE-2024-1786 | 2024-08-01 | 7.8 HIGH | 7.5 HIGH | ||
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation of the argument username leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254576. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
CVE-2023-23513 | 1 Apple | 1 Macos | 2024-08-01 | N/A | 9.8 CRITICAL |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | |||||
CVE-2024-7331 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 9.0 HIGH | 8.8 HIGH |
A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-52549 | 2024-08-01 | N/A | 7.5 HIGH | ||
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-4143 | 2024-08-01 | N/A | 9.8 CRITICAL | ||
A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. AMI has released firmware updates to mitigate this vulnerability. | |||||
CVE-2024-41464 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-08-01 | N/A | 7.5 HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic | |||||
CVE-2024-34196 | 2024-08-01 | N/A | 8.8 HIGH | ||
Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks. | |||||
CVE-2024-33365 | 2024-08-01 | N/A | 7.5 HIGH | ||
Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. | |||||
CVE-2024-33180 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2024-08-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. | |||||
CVE-2024-32324 | 2024-08-01 | N/A | 7.8 HIGH | ||
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program. | |||||
CVE-2024-30635 | 2024-08-01 | N/A | 9.8 CRITICAL | ||
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. | |||||
CVE-2024-30628 | 2024-08-01 | N/A | N/A | ||
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function. |