236 matches found
CVE-2023-39786
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function...
CVE-2023-48194
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing setclientqos, control over the gp register can be obtained...
CVE-2019-15900
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...
SUSE CVE-2025-22082
In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate stack buffer. Make sure to NULL terminate the buffer in iio_backend_debugfs_write_reg() before passing it to sscanf. It is a stack variable so we should not assume it will 0 initialized...
UBUNTU-CVE-2025-22082
In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate stack buffer. Make sure to NULL terminate the buffer in iio_backend_debugfs_write_reg() before passing it to sscanf. It is a stack variable so we should not assume it will 0 initialized...
CVE-2024-54808
Netgear WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution...
UBUNTU-CVE-2022-49058
In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305glue.c:198 poly1305updatearch error: memcpy 'dctx-buf' too small 16 vs u32max It's caused because Smatch marks 'linklen' as...
CVE-2024-13503
CVE-2024-13503 affects Newtec NTC2218, NTC2250 and NTC2299 on Linux (PowerPC/ARM). A stack buffer overflow in the swdownload binary is caused by an unrestricted sscanf in the parse_INFO function, reading an incoming network packet into a fixed-size buffer. This leads to arbitrary code execution w...
CVE-2025-0518 Unchecked sscanf return value which leads to memory data leak
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.c . This issue affects FFmpeg: 7.1. Issue was fixed: ...
CVE-2024-50259 netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write(). This was found by a static analyzer. We should not forget the trailing zero after copy_from_user() if we will further do some string operations,...
Tenda AC8 Out-of-Bounds Write Vulnerability
Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. The Tenda AC8 suffers from an out-of-bounds write vulnerability that stems from the presence of an sscanf issue where the last...
CVE-2023-48194
CVE-2023-48194 affects Tenda AC8v4 firmware .V16.03.34.09. The vulnerability stems from an sscanf issue where the last digit of s8 can be overwritten with a null byte, so that after set_client_qos executes, control over the gp register may be obtained. Connected sources corroborate th...
SUSE CVE-2024-38560
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated. Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is...
CVE-2024-29012
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function...