231 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate the stack buffer Make sure to NULL terminate the buffer in iiobackend DebugfsWriteReg before passing it to sscan. It is a stack variable, so we should not assume that it will be initializ...
CVE-2026-7372
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Stack-overflow via...
CVE-2026-7372
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Stack-overflow via...
EUVD-2026-26864
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Stack-overflow via...
CVE-2026-7372 GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Stack-overflow via...
CVE-2026-7372
CVE-2026-7372 affects GeoVision GV-VMS V20 20.0.2, specifically the WebCam Server Login functionality. A stack overflow is triggered by an unconstrained sscanf when parsing the Authorization string, where username or password extracted content may exceed 40 characters, overwriting the stack. The ...
PT-2026-36741
Name of the Vulnerable Software and Affected Versions GeoVision GV-VMS V20 version 20.0.2 Description A stack overflow exists in the WebCam Server Login functionality. An unauthenticated attacker can send a specially crafted HTTP request to trigger the issue, potentially leading to arbitrary code...
EUVD-2026-23786
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
CVE-2026-6643
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
CVE-2026-6643 A stack-based buffer overflow vulnerability in the VPN Clients on the ADM
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.RR42, and 5.0.0 to 5.1.2.REO1 of ASUSTOR ADM. These vulnerabilities stem from the use of the unbounded sscanf function by the VPN clien...
CVE-2026-24110
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...
CVE-2026-24111
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...
CVE-2026-24111
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...
CVE-2026-24111
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...
PT-2026-22601
Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description An issue exists in Tenda W20E firmware where improper input validation can lead to a buffer overflow. Attackers can exploit this by manipulating the userInfo variable. Specifically, when the...
EUVD-2026-9183
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...
CVE-2026-24112
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...
EUVD-2026-9184
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...
CVE-2026-24110
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...