Total
2537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52949 | 1 Redhat | 1 Enterprise Linux | 2025-04-03 | 7.5 High |
| iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack. | ||||
| CVE-2024-35399 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | 8.8 High |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth | ||||
| CVE-2024-37640 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 8.8 High |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. | ||||
| CVE-2024-37639 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 8.8 High |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. | ||||
| CVE-2024-37634 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 9.8 Critical |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. | ||||
| CVE-2024-37633 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 8.8 High |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg | ||||
| CVE-2024-37631 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 8.8 High |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. | ||||
| CVE-2025-2097 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-35403 | 1 Totolink | 3 Cp900 L, Cp900l, Cp900l Firmware | 2025-04-03 | 2.7 Low |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules | ||||
| CVE-2023-24096 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-02 | 8.8 High |
| TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-24039 | 1 Opengroup | 1 Common Desktop Environment | 2025-04-02 | 7.8 High |
| A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-29118 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-04-01 | 6.5 Medium |
| Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878. | ||||
| CVE-2025-30472 | 2 Corosync, Redhat | 2 Corosync, Enterprise Linux | 2025-04-01 | 9 Critical |
| Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. | ||||
| CVE-2025-3007 | 2025-04-01 | 5.5 Medium | ||
| A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-29100 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-04-01 | 9.8 Critical |
| Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. | ||||
| CVE-2025-29135 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-04-01 | 9.8 Critical |
| A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. | ||||
| CVE-2024-36728 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | 8.1 High |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key. | ||||
| CVE-2024-36729 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | 6.3 Medium |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key. | ||||
| CVE-2024-1783 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-04-01 | 9.8 Critical |
| A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-40717 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727. | ||||