Total
2726 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0923 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2025-06-03 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0931 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2025-06-03 | 4.7 Medium |
| A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4841 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-03 | 8.8 High |
| A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-44172 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-03 | 6.5 Medium |
| Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | ||||
| CVE-2024-32228 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.6 Medium |
| FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | ||||
| CVE-2023-7219 | 1 Totolink | 2 N350rt, N350rt Firmware | 2025-06-03 | 7.2 High |
| A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-51745 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-06-03 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-31030 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-06-03 | 9.3 Critical |
| NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | ||||
| CVE-2023-31024 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-06-03 | 9 Critical |
| NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | ||||
| CVE-2024-0531 | 1 Tenda | 2 A15, A15 Firmware | 2025-06-03 | 7.2 High |
| A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0539 | 1 Tenda | 2 W9, W9 Firmware | 2025-06-03 | 8.8 High |
| A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-27337 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | 7.8 High |
| Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22033. | ||||
| CVE-2024-0540 | 1 Tenda | 2 W9, W9 Firmware | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-44892 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-06-03 | 6.5 Medium |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function. | ||||
| CVE-2025-44895 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-06-03 | 6.5 Medium |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function. | ||||
| CVE-2024-41592 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-03 | 8 High |
| DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | ||||
| CVE-2024-0995 | 1 Tenda | 2 W6, W6 Firmware | 2025-06-02 | 7.2 High |
| A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46325 | 1 Tp-link | 2 Wr740n, Wr740n Firmware | 2025-06-02 | 5.5 Medium |
| TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | ||||
| CVE-2025-45846 | 1 Alfa | 2 Aip-w512, Aip-w512 Firmware | 2025-06-02 | 8.8 High |
| ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function. | ||||
| CVE-2025-45847 | 1 Alfa | 2 Aip-w512, Aip-w512 Firmware | 2025-06-02 | 6.5 Medium |
| ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function. | ||||