Total
1394 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35710 | 1 Ashlar | 1 Cobalt | 2025-06-04 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19956. | |||||
| CVE-2025-44900 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-04 | N/A | 6.5 MEDIUM |
| In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. | |||||
| CVE-2025-44899 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-04 | N/A | 9.8 CRITICAL |
| There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow. | |||||
| CVE-2023-34302 | 1 Ashlar | 1 Cobalt | 2025-06-04 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17865. | |||||
| CVE-2024-41281 | 1 Linksys | 2 Wrt54g, Wrt54g Firmware | 2025-06-04 | N/A | 8.8 HIGH |
| Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. | |||||
| CVE-2025-40580 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-06-04 | N/A | 6.7 MEDIUM |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition. | |||||
| CVE-2025-40579 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-06-04 | N/A | 6.7 MEDIUM |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition. | |||||
| CVE-2025-5503 | 2025-06-04 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-1594 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4841 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-44172 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-03 | N/A | 6.5 MEDIUM |
| Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | |||||
| CVE-2024-32228 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | N/A | 6.6 MEDIUM |
| FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | |||||
| CVE-2024-27337 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22033. | |||||
| CVE-2025-44892 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-06-03 | N/A | 6.5 MEDIUM |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function. | |||||
| CVE-2025-44895 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-06-03 | N/A | 6.5 MEDIUM |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function. | |||||
| CVE-2024-41592 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-03 | N/A | 8.0 HIGH |
| DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | |||||
| CVE-2024-46325 | 1 Tp-link | 2 Wr740n, Wr740n Firmware | 2025-06-02 | N/A | 5.5 MEDIUM |
| TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | |||||
| CVE-2025-45846 | 1 Alfa | 2 Aip-w512, Aip-w512 Firmware | 2025-06-02 | N/A | 8.8 HIGH |
| ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function. | |||||
| CVE-2025-45847 | 1 Alfa | 2 Aip-w512, Aip-w512 Firmware | 2025-06-02 | N/A | 6.5 MEDIUM |
| ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function. | |||||
| CVE-2025-46836 | 2025-05-31 | N/A | 6.6 MEDIUM | ||
| net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20. | |||||