966 matches found
SUSE-SU-2026:2642-1 Security update for apache-commons-configuration2, apache-commons-text
This update for apache-commons-configuration2, apache-commons-text fixes the following issues - CVE-2026-45205: uncontrolled recursion leads to StackOverflowError when processing specially crafted configuration files bsc1265299. Changes for apache-commons-configuration2: - Upgrade to version...
Astra Linux – Vulnerability in ORC
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file using the affected ORC compiler, arbitrary code may be executed on the developer’s build environment. This may result in compromise ...
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input
Summary Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. Details Two-step chain in ext/oj/fast.c: 1. doceachchild line 1501 increments doc-where pas...
EUVD-2026-38051
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter...
CVE-2026-12221 Yealink SIP-T46U Firmware Chunk Upload upgrade sprintf stack-based overflow
A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...
CVE-2026-36771
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-10120
A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewallname results in stack-based buffer overflow. The attack can be executed remotely. The exploit is...
EUVD-2026-32581
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...
EUVD-2018-21868
10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string...
EUVD-2026-27163
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...
PT-2026-45096
Name of the Vulnerable Software and Affected Versions TRENDnet TEW-432BRP version 3.10B20 Description A stack-based buffer overflow occurs due to the manipulation of the filter name argument within the formSetMACFilter function located in the /goform/formSetMACFilter file. This allows for remote...
CVE-2026-5544
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...
iccDEV 安全漏洞
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities; these vulnerabilities stemmed from stack overflows during the processing of custom ICC configuration files, which coul...
CVE-2026-4212
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...
PT-2026-28666
Name of the Vulnerable Software and Affected Versions Tenda AC5 version 15.03.06.47 Description A flaw exists in the function formQuickIndex located in the file /goform/QuickIndex within the POST Request Handler component. Manipulation of the PPPOEPassword argument can lead to a stack-based buffe...
GPAC 安全漏洞
GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC 2.5-DEV-rev2167-gcc9d617c0-master and earlier versions have security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter szName in the file src/scenemanager/swfparse.c, which may lead ...
CVE-2025-54820
A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is...
CVE-2026-3630
Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability...
EUVD-2025-208420
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANWizard534...
EUVD-2025-208422
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup...