CVE-2023-49912

CVE-2023-49912 describes a stack-based buffer overflow in the TP-Link AC1350 series (EAP225 V3) and EAP115 web interfaces, exposed through the Radio Scheduling feature. The vulnerability exists in the POST endpoint /data/scheduler.association.json, where an authenticated HTTP request with a craft...

CVE-2023-49907

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVE-2023-49911

Talos details CVE-2023-49911 in Tp-Link AC1350 (EAP225 V3) and EAP115 (v5.x) web interfaces. The flaw is a stack-based buffer overflow in the Radio Scheduling endpoint exposed via POST /data/scheduler.association.json. In the vulnerable code path, postScheAssocSsidDataJson routes requests with op...

CVE-2023-49909

Talos reports a stack-based buffer overflow in Tp-Link AC1350 (EAP225 V3) Web UI, specifically in the Radio Scheduling endpoint. The vulnerability (CVE-2023-49909) is triggered by crafted POST requests to /data/scheduler.association.json with operation not equal to read or load (commonly operatio...

CVE-2023-49907

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

Adobe Illustrator < 27.9.3 / 28.0 < 28.4 Multiple Vulnerabilities (APSB24-25)

The version of Adobe Illustrator installed on the remote Windows host is prior to 27.9.3, 28.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-25 advisory. - Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that...

Adobe Illustrator < 27.9.3 / 28.0 < 28.4 Multiple Vulnerabilities (APSB24-25) (macOS)

The version of Adobe Illustrator installed on the remote macOS host is prior to 27.9.3, 28.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-25 advisory. - Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that...

Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface Radio Scheduling stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1888 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 web interface Radio Scheduling stack-based buffer overflow vulnerability April 9, 2024 CVE Number...

Stack Based Buffer Overflow

gtkwave is vulnerable to Stack Based Buffer Overflow. The vulnerability is due to insufficient bounds checking in the fstReaderVarint32 function. Crafted .fst files, allowing attackers to execute arbitrary code execution when opened by a victim...

Stack Based Buffer Overflow

gtkwave is vulnerable to Stack Based Buffer Overflow. The vulnerability is due to insufficient bounds checking in the fstReaderVarint32WithSkip function. Crafted .fst files, allowing attackers to execute arbitrary code execution when opened by a victim...

Westermo WeOS Stack-Based Buffer Overflow (CVE-2015-7547)

An attacker that successfully masquerade as an upstream DNS server may serve the WeOS device with malicious DNS query response that can allow the attacker full unauthorized access to the device. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo...

CVE-2024-28014

Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800H...

CVE-2024-28014

Summary: CVE-2024-28014 is a stack-based buffer overflow in NEC Aterm devices (multiple WG/WR/WG18xx/WM/WF/others) that enables an attacker to execute arbitrary commands over the internet. Red Hat and JVN entries corroborate the vulnerability across many NEC Aterm model lines, including WG1800HP4...

CVE-2024-3011

CVE-2024-3011 affects Tenda FH1205 (version 2.0.0.7(775)). The vulnerability is in the function formQuickIndex of the file /goform/QuickIndex , where manipulating the PPPOEPassword parameter causes a stack-based buffer overflow . Exploitation can be performed remotely, and multiple sources note t...

Linux Kernel nft_exthdr_tcp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-3010

The CVE-2024-3010 entry affects Tenda FH1205 version 2.0.0.7(775). The vulnerability is in the function formSetCfm of the file /goform/setcfm, where manipulation of the funcpara1 argument leads to a stack-based buffer overflow. The issue can be exploited remotely and the exploit has been publicly...

CVE-2024-3006

A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7775. This vulnerability affects the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2024-2994

A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched...

CVE-2024-2993

A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

CVE-2024-2994 Tenda FH1203 GetParentControlInfo stack-based overflow

A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched...