34187 matches found
CVE-2025-7623
CVE-2025-7623 affects the SMASH-CLP shell on the BMC firmware OS. The root cause is a stack-based overflow in a 260-byte stack buffer, exploitable by an authenticated attacker who has SSH access to the BMC. An attacker can craft a SMASH command to overwrite the return address and registers, poten...
EUVD-2025-197951
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...
CVE-2025-7623 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the gnutls_pkcs11_token_init function. An attacker can cause a crash or potentially execute arbitrary code by supplying a PKCS11 token with a label longer than 32 characters, leading to writing past the end ...
PT-2025-47244
Name of the Vulnerable Software and Affected Versions: SMASH-CLP shell (affected versions not specified). Description: A stack-based buffer overflow exists in the SMASH-CLP shell. An authenticated attacker with SSH access to the Baseboard Management Controller (BMC) can exploit this issue by providing a...
PT-2025-47249
Name of the Vulnerable Software and Affected Versions: Supermicro BMC (affected versions not specified). Description: A stack buffer overflow exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can exploit a stack buffer via a crafted header,...
Rockwell Automation Arena Stack Buffer Overflow Vulnerability
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. Rockwell Automation Arena suffers from a stack buffer overflow vulnerability that originates when the program fails to properly validate the length and size of input data, which could be...
Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00025)
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00024)
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
Fortinet FortiOS Buffer Error Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the U.S. company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A buffer...
TOTOLINK A720R Stack Buffer Overflow Vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a stack buffer overflow vulnerability that stems from a failure to properly validate the length size o...
PT-2025-47250
Name of the Vulnerable Software and Affected Versions: Supermicro BMC (affected versions not specified). Description: A stack buffer overflow vulnerability exists in the web function of the Supermicro BMC on the Supermicro MBD-X13SEDW-F. An attacker gaining access to the BMC Web server can...
SuperMicro BMC Security Vulnerability
SuperMicro BMC is a firmware from SuperMicro USA used in devices such as servers, top-of-rack switches or RAID devices. A security vulnerability exists in the SuperMicro BMC that stems from a stack buffer overflow in the BMC Web function that could lead to arbitrary code execution...
Supermicro BMC Firmware Security Vulnerability
Supermicro BMC Firmware is a system firmware from Supermicro Corporation USA. A security vulnerability exists in Supermicro BMC Firmware that originates from a stack buffer overflow that could lead to arbitrary code execution...
Fortinet Fortigate Stack buffer overflow in CAPWAP daemon (FG-IR-25-632)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-632 advisory. - A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all version...
GnuTLS -- Stack write buffer overflow
GnuTLS reports: When a PKCS11 token is initialized with the gnutls_pkcs11_token_init function and it is passed a token label longer than 32 characters, it may write past the boundary of stack allocated memory...
CVE-2025-13191
A vulnerability was determined in D-Link DIR-816L 206b09beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This...
CVE-2025-13189
A vulnerability has been found in D-Link DIR-816L 206b09beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to th...
CVE-2025-13188
A vulnerability was detected in D-Link DIR-816L 206b09beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible...
CVE-2025-11918
Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability...