CVE-2024-39357

CVE-2024-39357 describes a stack-based buffer overflow in the Wavlink AC3000 wireless.cgi SetName() functionality. TALOS confirms affected device: Wavlink AC3000 M33A8.V5030.210505, where input from the POST parameter NewName is copied to the heap with no length check and then to the stack via st...

CVE-2024-39357

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39359

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39603

A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39603

A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2025-0349

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

CVE-2025-0349

CVE-2025-0349 affects Tenda AC6 (firmware 15.03.05.16). The vulnerability is a stack-based overflow in GetParentControlInfo (/goform/GetParentControlInfo) triggered by manipulating the src/mac argument, which can be exploited remotely. Public exploit/public disclosure is noted. Other parameters m...

Security Bulletin: Vulnerability in XStream affect BM Spectrum Control

Summary XStream is vulnerable to denial of service, This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges...

CVE-2018-4301

This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp...

Ivanti Policy Secure 22.x <= 22.7R1.2 Local Privilege Escalation (CVE-2025-0283)

The version of Ivanti Policy Secure installed on the remote host is 22.x prior or equal to 22.7R1.2 Build 1485. It is, therefore, affected by a local privilege escalation vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before...

Ivanti Connect Secure 9.x / 22.x < 22.7R2.5 Local Privilege Escalation (CVE-2025-0283)

The Ivanti Connect Secure install on the remote host is 9.x, or 22.x prior to 22.7R2.5. It is, therefore, affected by a local privilege escalation vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and...

Ivanti Connect Secure 22.7R2.x < 22.7R2.5 Remote Code Execution (CVE-2025-0282)

The Ivanti Connect Secure install on the remote host is 22.7R2.x prior to 22.7R2.5. It is, therefore, affected by a remote code execution vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neuro...

CVE-2024-45542 Stack-based Buffer Overflow in WLAN Windows Host

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver...

(0Day) Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

CBL Mariner 2.0 Security Update: iptraf-ng (CVE-2024-52949)

The version of iptraf-ng installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52949 advisory. - iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fail...

CVE-2024-52949

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack...

CVE-2024-52949

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack...

AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2021-005)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2021-005 advisory. vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3903 A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to...