Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7909 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-21 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7614 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7615 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7013 | 2024-08-21 | N/A | 7.8 HIGH | ||
| Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | |||||
| CVE-2024-39480 | 1 Linux | 1 Linux Kernel | 2024-08-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy() to insert the completed symbol into the command buffer. Unfortunately it passes the size of the source buffer rather than the destination to strncpy() with predictably horrible results. Most obviously if the command buffer is already full but cp, the cursor position, is in the middle of the buffer, then we will write past the end of the supplied buffer. Fix this by replacing the dubious strncpy() calls with memmove()/memcpy() calls plus explicit boundary checks to make sure we have enough space before we start moving characters around. | |||||
| CVE-2024-28447 | 2024-08-20 | N/A | 6.5 MEDIUM | ||
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi. | |||||
| CVE-2024-39791 | 1 Vonets | 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more | 2024-08-20 | N/A | 9.8 CRITICAL |
| Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code. | |||||
| CVE-2023-51146 | 2024-08-20 | N/A | 8.0 HIGH | ||
| Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action. | |||||
| CVE-2024-40902 | 1 Linux | 1 Linux Kernel | 2024-08-20 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log. | |||||
| CVE-2024-35580 | 2024-08-20 | N/A | 9.8 CRITICAL | ||
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. | |||||
| CVE-2024-42986 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-19 | N/A | 7.5 HIGH |
| Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-42977 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-19 | N/A | 7.5 HIGH |
| Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-30629 | 2024-08-19 | N/A | 5.7 MEDIUM | ||
| Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function. | |||||
| CVE-2024-30621 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-08-19 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. | |||||
| CVE-2024-30603 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
| Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | |||||
| CVE-2024-27569 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
| LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-7547 | 1 Ofono Project | 1 Ofono | 2024-08-19 | N/A | 7.8 HIGH |
| oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23460. | |||||
| CVE-2024-29012 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2024-08-19 | N/A | 7.5 HIGH |
| Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. | |||||
| CVE-2024-7908 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-19 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-41852 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-08-19 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||