Total
1636 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31468 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2024-31467 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2024-31466 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-24 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2024-46546 | 1 Nextu | 2 Fleta Ax1500, Fleta Ax1500 Firmware | 2025-06-23 | N/A | 7.3 HIGH |
| NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2025-29840 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-06-23 | N/A | 8.8 HIGH |
| Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2024-36600 | 1 Gnu | 1 Libcdio | 2025-06-20 | N/A | 8.4 HIGH |
| Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. | |||||
| CVE-2025-48060 | 1 Jqlang | 1 Jq | 2025-06-20 | N/A | 7.5 HIGH |
| jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available. | |||||
| CVE-2023-49236 | 1 Trendnet | 2 Tv-ip1314pi, Tv-ip1314pi Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci. | |||||
| CVE-2025-5080 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-06-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5978 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-06-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5934 | 1 Netgear | 2 Ex3700, Ex3700 Firmware | 2025-06-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-33599 | 3 Debian, Gnu, Netapp | 13 Debian Linux, Glibc, H300s and 10 more | 2025-06-18 | N/A | 8.1 HIGH |
| nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | |||||
| CVE-2025-41388 | 2025-06-18 | N/A | 7.8 HIGH | ||
| Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-8006 | 1 Circontrol | 1 Raption Server | 2025-06-17 | N/A | 8.8 HIGH |
| The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format. | |||||
| CVE-2024-27683 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify. | |||||
| CVE-2025-6141 | 2025-06-17 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-29756 | 1 Google | 1 Android | 2025-06-17 | N/A | 9.8 CRITICAL |
| In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-5503 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6114 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-6115 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||