Total
3125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8576 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8577 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8575 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8578 | 1 Totolink | 2 T8, T8 Firmware | 2024-09-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5412 | 1 Zyxel | 100 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 97 more | 2024-09-06 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
| CVE-2024-33052 | 1 Qualcomm | 406 205 Mobile, 205 Mobile Firmware, 215 Mobile and 403 more | 2024-09-04 | N/A | 7.8 HIGH |
| Memory corruption when user provides data for FM HCI command control operations. | |||||
| CVE-2024-33042 | 1 Qualcomm | 406 205, 205 Firmware, 215 and 403 more | 2024-09-04 | N/A | 7.8 HIGH |
| Memory corruption when Alternative Frequency offset value is set to 255. | |||||
| CVE-2024-33054 | 1 Qualcomm | 66 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 63 more | 2024-09-04 | N/A | 7.8 HIGH |
| Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine. | |||||
| CVE-2024-41435 | 2024-09-03 | N/A | 7.5 HIGH | ||
| YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. | |||||
| CVE-2024-41436 | 2024-09-03 | N/A | 7.5 HIGH | ||
| ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. | |||||
| CVE-2024-34198 | 2024-08-29 | N/A | 9.8 CRITICAL | ||
| TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. | |||||
| CVE-2024-41285 | 1 Fastcom | 2 Fw300r, Fw300r Firmware | 2024-08-27 | N/A | 9.8 CRITICAL |
| A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. | |||||
| CVE-2024-45237 | 1 Nicmx | 1 Fort-validator | 2024-08-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow. | |||||
| CVE-2024-44555 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-27 | N/A | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. | |||||
| CVE-2024-20450 | 1 Cisco | 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more | 2024-08-23 | N/A | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level. | |||||
| CVE-2024-20451 | 1 Cisco | 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more | 2024-08-23 | N/A | 7.5 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device. | |||||
| CVE-2024-20454 | 1 Cisco | 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more | 2024-08-23 | N/A | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level. | |||||
| CVE-2024-7613 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6918 | 2024-08-20 | N/A | 7.5 HIGH | ||
| CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. | |||||
| CVE-2024-7831 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-08-19 | 9.0 HIGH | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||