74134 matches found
EUVD-2026-19038
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...
CVE-2026-5544 UTT HiPER 1250GW formRemoteControl stack-based overflow
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...
CVE-2026-5544
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...
CVE-2026-5544
CVE-2026-5544 affects UTT HiPER 1250GW, up to version 3.2.7-210907-180535. The vulnerability exists in an unknown function of the file /goform/formRemoteControl where manipulating the Profile argument causes a stack-based buffer overflow. It can be exploited remotely, and public exploits are avai...
Tenda AC10 安全漏洞
The Tenda AC10 is a wireless router produced by the Chinese company Tenda. There is a security vulnerability in the version 16.03.10.10multiTDE01 of the Tenda AC10; this vulnerability stems from a stack buffer overflow in the fromSysToolChangePwd function located in the /bin/httpd directory...
PT-2026-30416
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...
PT-2026-30419
Name of the Vulnerable Software and Affected Versions Tenda AC10 version 16.03.10.10 multi TDE01 Description A stack-based buffer overflow can be triggered in the fromSysToolChangePwd function located in the /bin/httpd file. This occurs through manipulation of the sys.userpass argument, allowing...
UTT HiPER 1250GW 安全漏洞
UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the file/goform/formRemoteControl, which could lead to...
Debian dla-4522 : libxml-parser-perl - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4522 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4522-1 [email protected]...
Tenda AC10 安全漏洞
The Tenda AC10 is a wireless router produced by the Chinese company Tenda. There is a security vulnerability in the version 16.03.10.10multiTDE01 of the Tenda AC10. This vulnerability stems from incorrect handling of the parameter sys.userpass in the fromSysToolChangePwd function located in the...
GHSA-5JG4-P4QW-CGFR @stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
Summary @stablelib/cbor decodes nested CBOR structures recursively and does not enforce a maximum nesting depth. A sufficiently deep attacker-controlled CBOR payload can therefore crash decoding with RangeError: Maximum call stack size exceeded. Details The decoder processes arrays, maps, and...
@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
Summary @stablelib/cbor decodes nested CBOR structures recursively and does not enforce a maximum nesting depth. A sufficiently deep attacker-controlled CBOR payload can therefore crash decoding with RangeError: Maximum call stack size exceeded. Details The decoder processes arrays, maps, and...
[SECURITY] Fedora 42 Update: python3.9-3.9.25-7.fc42
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
[SECURITY] Fedora 43 Update: python3.9-3.9.25-7.fc43
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
openSUSE 16 Security Update : kea (openSUSE-SU-2026:20452-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20452-1 advisory. Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message...
Defending Buffer Overflows in WebAssembly: A Transpiler Approach
WebAssembly is quickly becoming a popular compilation target for a variety of code. However, vulnerabilities in the source languages translate to vulnerabilities in the WebAssembly binaries. This work proposes a methodology and a WebAssembly transpiler to prevent buffer overflows in the unmanaged...
GHSA-8PFC-JJGW-6G26 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser
Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...
SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser
Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...
EUVD-2020-31212
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a...
CVE-2020-37216
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a...