Total
2805 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5931 | 1 Zephyrproject | 1 Zephyr | 2026-06-17 | N/A | 6.3 MEDIUM |
| BT: Unchecked user input in bap_broadcast_assistant | |||||
| CVE-2024-5602 | 2026-06-17 | N/A | 7.8 HIGH | ||
| A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products. Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy. | |||||
| CVE-2024-5507 | 1 Luxion | 3 Keyshot, Keyshot Network Rendering, Keyshot Viewer | 2026-06-17 | N/A | 7.8 HIGH |
| Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266. | |||||
| CVE-2024-5305 | 1 Tungstenautomation | 1 Power Pdf | 2026-06-17 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921. | |||||
| CVE-2024-5293 | 1 Dlink | 2 Dir-2640, Dir-2640 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853. | |||||
| CVE-2024-5242 | 1 Tp-link | 2 Omada Er605, Omada Er605 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522. | |||||
| CVE-2024-58299 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access. | |||||
| CVE-2024-58117 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2024-58116 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.0 MEDIUM |
| Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-58115 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.0 MEDIUM |
| Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-57440 | 1 Dlink | 2 Dsl-3788, Dsl-3788 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi | |||||
| CVE-2024-56468 | 1 Ibm | 1 Infosphere Data Replication | 2026-06-17 | N/A | 7.5 HIGH |
| IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service. | |||||
| CVE-2024-56139 | 2026-06-17 | N/A | N/A | ||
| pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems. | |||||
| CVE-2024-55577 | 2026-06-17 | N/A | 7.0 HIGH | ||
| Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information of the user environment or cause the user environment to become unusable. | |||||
| CVE-2024-54809 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands. | |||||
| CVE-2024-54808 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution. | |||||
| CVE-2024-53959 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-53849 | 2026-06-17 | N/A | N/A | ||
| editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-53703 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2026-06-17 | N/A | 8.1 HIGH |
| A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. | |||||
| CVE-2024-53695 | 1 Qnap | 1 Hybrid Backup Sync | 2026-06-17 | N/A | 9.1 CRITICAL |
| A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.4.952 and later | |||||
