(0Day) Ashlar-Vellum Cobalt STP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

Tenda W9 out-of-bounds write vulnerability (CNVD-2024-13546)

Tenda W9 is a wireless in-wall access point from Tenda, China. An out-of-bounds write vulnerability exists in Tenda W9 version 1.0.0.7, which is caused by a stack-based buffer overflow in the ssidIndex parameter of the formQosManageauto function. An attacker can exploit this vulnerability to inje...

Tenda W9 out-of-bounds write vulnerability (CNVD-2024-14371)

Tenda W9 is a wireless in-wall access point from Tenda, China. An out-of-bounds write vulnerability exists in Tenda W9 version 1.0.0.7, which is caused by a stack-based buffer overflow in the sysRulenEn parameter of the formAddSysLogRule function. An attacker can exploit this vulnerability to...

Tenda W9 out-of-bounds write vulnerability (CNVD-2024-14373)

Tenda W9 is a wireless in-wall access point from Tenda, China. An out-of-bounds write vulnerability exists in Tenda W9 version 1.0.0.7, which is caused by a stack-based buffer overflow in the ssidIndex parameter of the setWrlBasicInfo function. An attacker can exploit this vulnerability to inject...

Delta Electronics CNCSoft-B DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Tox: Remote Code Execution

Background Tox is easy-to-use software that connects you with friends and family without anyone else listening in. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below for details. Impact A stack-based buffer overflow allows remote attackers ...

CVE-2024-1941

Delta Electronics CNCSoft-B is affected by CVE-2024-1941: stack-based buffer overflow in CNCSoft-B versions 1.0.0.4 and prior that can allow arbitrary code execution. Affected component is the CNCSoft-B software itself; root cause is a stack-based overflow due to input length validation failures....

Delta Electronics CNCSoft-B

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-B Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3...

CentOS 9 : tmux-3.2a-4.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the tmux-3.2a-4.el9 build changelog. - In tmux before version 3.1c the function inputcsidispatchsgrcolon in file input.c contained a stack- based buffer-overflow that can be exploited by...

CVE-2024-1847

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024...

Heap overflow

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024...

Security Bulletin: Json-path is vulnerable to CVE-2023-51074 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses json-path which is vulnerable to CVE-2023-51074. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by...

CVE-2024-25751

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function...

CVE-2024-1783

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130/9.3.5u.6698B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument httphost leads to stack-based buffer overflow...

Stack overflow

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42multi allows a remote attacker to execute arbitrary code via the addwhitenode function...

CVE-2024-25753

CVE-2024-25753 affects the Tenda AC9 router (v3.0) with firmware v15.03.06.42_multi. The vulnerability is a stack-based buffer overflow in the formSetDeviceName function, enabling a remote attacker to execute arbitrary code. The published metrics indicate a high-impact, adjacent-attack-vector sce...

CVE-2024-25753

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function...

CVE-2024-25748

The CVE-2024-25748 entry describes a stack-based buffer overflow in the Tenda AC9 AC9 v3.0 firmware (v15.03.06.42_multi) affecting the fromSetIpMacBind function. The root cause is a stack overflow that allows remote code execution with high impact: confidentiality, integrity, and availability are...

CVE-2024-25756

CVE-2024-25756 describes a stack-based buffer overflow in the Tenda AC9 v3.0 firmware (version v.15.03.06.42_multi) triggered by the formWifiBasicSet function. The vulnerability allows a remote attacker to execute arbitrary code, with high impact on confidentiality, integrity, and availability. A...

Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2024-530)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-530 advisory. A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. CVE-2022-27239 A flaw was found...