Total
4012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42813 | 1 Trendnet | 2 Tew-752dru, Tew-752dru Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | |||||
| CVE-2024-42812 | 1 Dlink | 2 Dir-860l, Dir-860l Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | |||||
| CVE-2024-42642 | 1 Crucial | 6 Ct1000mx500ssd1, Ct2000mx500ssd1, Ct250mx500ssd1 and 3 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page. | |||||
| CVE-2024-42547 | 1 Totolink | 2 A3100r, A3100r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | |||||
| CVE-2024-42546 | 1 Totolink | 2 A3100r, A3100r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function. | |||||
| CVE-2024-42545 | 1 Totolink | 2 A3700r, A3700r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. | |||||
| CVE-2024-42543 | 1 Totolink | 2 A3700r, A3700r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | |||||
| CVE-2024-42520 | 1 Totolink | 2 A3002r, A3002r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. | |||||
| CVE-2024-42238 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop while there was enough data left in the file for a valid region. This protected against overrunning the end of the file data, but it didn't abort the file processing with an error. | |||||
| CVE-2024-42040 | 1 Denx | 1 U-boot | 2026-06-17 | N/A | 8.1 HIGH |
| Buffer Overflow vulnerability in net/bootp.c in DENX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak from four up to 32 bytes of memory stored behind the packet to the network, depending on the later use of DHCP-provided parameters, via crafted DHCP responses. | |||||
| CVE-2024-42011 | | | 2026-06-17 | N/A | 7.5 HIGH |
| The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat. | |||||
| CVE-2024-41660 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository. | |||||
| CVE-2024-41631 | | | 2026-06-17 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component. | |||||
| CVE-2024-41596 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2026-06-17 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | |||||
| CVE-2024-41588 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2026-06-17 | N/A | 8.0 HIGH |
| The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. | |||||
| CVE-2024-41464 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. | |||||
| CVE-2024-41436 | 1 Clickhouse | 1 Clickhouse | 2026-06-17 | N/A | 7.5 HIGH |
| ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. | |||||
| CVE-2024-41435 | 1 Yugabyte | 1 Yugabytedb | 2026-06-17 | N/A | 7.5 HIGH |
| YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. | |||||
| CVE-2024-41433 | 1 Pingcap | 1 Tidb | 2026-06-17 | N/A | 9.8 CRITICAL |
| PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCAP maintains that the actual reproduction of this issue did not cause the security impact of service interruption to other users. They argue that this is a complex query bug and not a DoS vulnerability. | |||||
| CVE-2024-41285 | 1 Fastcom | 2 Fw300r, Fw300r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. | |||||
