Total
12754 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32139 | 2 D-link, Dlink | 5 Dap-1360, Dap-1360, Dap-1360 Firmware and 2 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18417. | ||||
| CVE-2023-32141 | 2 D-link, Dlink | 6 Dap-1360, Dap-2020, Dap-1360 and 3 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the getpage and errorpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18419. | ||||
| CVE-2023-32142 | 2 D-link, Dlink | 5 Dap-1360f1 Firmware, Dap-1360, Dap-1360 Firmware and 2 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18422. | ||||
| CVE-2023-32144 | 1 Dlink | 4 Dap-1360, Dap-1360 Firmware, Dap-2020 and 1 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18454. | ||||
| CVE-2023-32136 | 1 Dlink | 4 Dap-1360, Dap-1360 Firmware, Dap-2020 and 1 more | 2025-05-16 | 8.8 High |
| D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18414. | ||||
| CVE-2023-32888 | 1 Mediatek | 38 Mt2735, Mt6813, Mt6833 and 35 more | 2025-05-16 | 7.5 High |
| In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894). | ||||
| CVE-2025-22882 | 1 Deltaww | 1 Ispsoft | 2025-05-16 | 7.8 High |
| Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file. | ||||
| CVE-2025-22883 | 1 Deltaww | 1 Ispsoft | 2025-05-16 | 7.8 High |
| Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. | ||||
| CVE-2025-22884 | 1 Deltaww | 1 Ispsoft | 2025-05-16 | 7.8 High |
| Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file. | ||||
| CVE-2025-4124 | 1 Deltaww | 1 Ispsoft | 2025-05-16 | 7.8 High |
| Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. | ||||
| CVE-2025-4125 | 1 Deltaww | 1 Ispsoft | 2025-05-16 | 7.8 High |
| Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file. | ||||
| CVE-2023-42043 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20887. | ||||
| CVE-2023-42047 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20908. | ||||
| CVE-2023-42051 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20924. | ||||
| CVE-2023-42083 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor JPG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21967. | ||||
| CVE-2023-42085 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22061. | ||||
| CVE-2023-42069 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21166. | ||||
| CVE-2023-42071 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21291. | ||||
| CVE-2023-42076 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21762. | ||||
| CVE-2023-42077 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 7.8 High |
| PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21818. | ||||