Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution...

CVE-2025-3161 Tenda AC10 ShutdownSetAdd stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

CVE-2025-3161

The CVE-2025-3161 issue affects Tenda AC10 (firmware 16.03.10.13) in the ShutdownSetAdd routine (/goform/ShutdownSetAdd). The vulnerability arises from improper handling of an argument list, leading to a stack-based buffer overflow. Impact is described as remote, with the potential to execute arb...

CVE-2024-54808

Netgear WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution...

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...

EulerOS 2.0 SP13 : binutils (EulerOS-SA-2025-1329)

According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : https://www.gnu.org/software/binutils/ nm =2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: n...

CVE-2025-3007

A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to stack-based buffer overflow...

CVE-2025-3007

CVE-2025-3007 affects Novastar CX40 (up to 2.44.0) in the NetFilter Utility, specifically the /usr/nova/bin/netconfig getopt function. The underlying issue is a stack-based buffer overflow caused by manipulation of arguments (cmd, netmask, pipeout, nettask). The advisory notes that the exploit ha...

CVE-2024-54808

Netgear WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution...

CVE-2024-54802

In Netgear WNR854T 1.5.2 North America, the UPNP service /usr/sbin/upnp is vulnerable to stack-based buffer overflow in the M-SEARCH Host header...

CVE-2024-54802

The CVE-2024-54802 entry concerns Netgear WNR854T firmware version 1.5.2 (North America). The UPNP service at /usr/sbin/upnp is reported vulnerable to a stack-based buffer overflow via the M-SEARCH Host header. Public descriptions indicate potential to execute arbitrary code or cause a denial of ...

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-896)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-896 advisory. libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in XStream (CVE-2024-47072)

Summary A vulnerability in XStream that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted binar...

CVE-2025-2837 Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability

Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this...

CVE-2025-2621

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function checkdwscookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...

CVE-2021-26105

A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...

CVE-2025-2620

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated...

CVE-2025-30472

A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior. Mitigation ...

CVE-2025-2621

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function checkdwscookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...

CVE-2025-2621

The CVE-2025-2621 entry concerns D-Link DAP-1620 (firmware ~1.03). A stack-based buffer overflow in the check_dws_cookie function under /storage is triggered by manipulating the uid argument; remote exploitation is indicated and public disclosure exists. The affected devices are noted as no longe...