Total
2197 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-27337 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22033. | |||||
CVE-2025-44892 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-06-03 | N/A | 6.5 MEDIUM |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function. | |||||
CVE-2025-44895 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-06-03 | N/A | 6.5 MEDIUM |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function. | |||||
CVE-2024-41592 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-03 | N/A | 8.0 HIGH |
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | |||||
CVE-2024-46325 | 1 Tp-link | 2 Wr740n, Wr740n Firmware | 2025-06-02 | N/A | 5.5 MEDIUM |
TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | |||||
CVE-2025-45846 | 1 Alfa | 2 Aip-w512, Aip-w512 Firmware | 2025-06-02 | N/A | 8.8 HIGH |
ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function. | |||||
CVE-2025-45847 | 1 Alfa | 2 Aip-w512, Aip-w512 Firmware | 2025-06-02 | N/A | 6.5 MEDIUM |
ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function. | |||||
CVE-2025-46836 | | | 2025-05-31 | N/A | 6.6 MEDIUM |
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. In versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20. | |||||
CVE-2024-35388 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2025-05-30 | N/A | 8.8 HIGH |
TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode. | |||||
CVE-2025-5278 | | | 2025-05-29 | N/A | 4.4 MEDIUM |
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. | |||||
CVE-2024-50694 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow. | |||||
CVE-2024-50695 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to a stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks. | |||||
CVE-2025-44884 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_post function. | |||||
CVE-2025-44885 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function. | |||||
CVE-2025-44886 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function. | |||||
CVE-2025-44887 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function. | |||||
CVE-2025-44888 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function. | |||||
CVE-2025-44890 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function. | |||||
CVE-2025-44893 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function. | |||||
CVE-2025-44883 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the tacIp parameter in the web_tacplus_serverEdit_post function. |