Filtered by CWE-120
Total 3765 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-41913 1 Strongswan 1 Strongswan 2025-01-17 9.8 Critical
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
CVE-2022-24807 4 Debian, Fedoraproject, Net-snmp and 1 more 16 Debian Linux, Fedora, Net-snmp and 13 more 2025-01-17 6.5 Medium
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2022-24805 4 Debian, Fedoraproject, Net-snmp and 1 more 16 Debian Linux, Fedora, Net-snmp and 13 more 2025-01-17 6.5 Medium
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2024-13503 2025-01-17 N/A
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is both present on the PowerPC versions of the modem and the ARM versions. A stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string of an incoming network packet into a statically sized buffer.
CVE-2024-48806 2025-01-16 6.8 Medium
Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field
CVE-2021-46886 1 Huawei 1 Emui 2025-01-16 7.5 High
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46885 1 Huawei 1 Emui 2025-01-16 7.5 High
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46884 1 Huawei 1 Emui 2025-01-16 7.5 High
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46883 1 Huawei 1 Emui 2025-01-16 7.5 High
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46882 1 Huawei 1 Emui 2025-01-16 7.5 High
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46881 1 Huawei 1 Emui 2025-01-16 7.5 High
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2024-39288 2025-01-15 9.1 Critical
A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39770 2025-01-15 9.1 Critical
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter.
CVE-2024-39769 2025-01-15 9.1 Critical
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_mac` POST parameter.
CVE-2024-39768 2025-01-15 9.1 Critical
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_name` POST parameter.
CVE-2024-39756 2025-01-15 9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-37184 2025-01-15 9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39294 2025-01-15 9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39358 2025-01-15 9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39803 2025-01-15 9.1 Critical
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST parameter.