8439 matches found
CVE-2024-2709
The CVE-2024-2709 vulnerability affects Tenda AC10U firmware 15.03.06.49. A stack-based buffer overflow is triggered by manipulating the argument list in the fromSetRouteStatic function of /goform/SetStaticRouteCfg, allowing remote execution with no user interaction. Multiple sources confirm the ...
CVE-2024-2708
CVE-2024-2708 affects Tenda AC10U, specifically the /goform/execCommand formexeCommand function. The vulnerability stems from a stack-based buffer overflow triggered by manipulating the cmdinput argument, potentially allowing a remote attacker to execute arbitrary code on the device. Public explo...
CVE-2024-2705
A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Affected by this issue is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched...
CVE-2024-2706
CVE-2024-2706 affects Tenda AC10U 15.03.06.49. The vulnerability is a stack-based overflow in the formWifiWpsStart function located in /goform/WifiWpsStart, triggered by manipulating the index argument. It enables remote initiation of an attack and has been publicly disclosed. Multiple sources (N...
CVE-2024-2705
CVE-2024-2705 affects Tenda AC10U 1.0/15.03.06.49. The vulnerability is a stack-based overflow in the formSetQosBand function of /goform/SetNetControlList caused by manipulation of the list argument, potentially enabling a remote attacker to compromise confidentiality, integrity, and availability...
CVE-2024-2704
CVE-2024-2704 affects Tenda AC10U (firmware 15.03.06.49). The vulnerable code path is formSetFirewallCfg in /goform/SetFirewallCfg, where manipulating the firewallEn argument triggers a stack-based buffer overflow. The description states the attack can be launched remotely and that the exploit ha...
CVE-2024-2581
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...
CVE-2024-2581
The CVE-2024-2581 vulnerability affects Tenda AC10 firmware 16.03.10.13, specifically the fromSetRouteStatic() function in /goform/SetStaticRouteCfg. The issue is a stack-based buffer overflow triggered by manipulating the list parameter, permitting remote exploitation. Multiple sources confirm i...
CVE-2024-2581 Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...
CVE-2023-52159
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry...
Mageia: Security Advisory (MGASA-2024-0064)
The remote host is missing an update for the ...
CVE-2023-52159
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry...
Cisco IP Phones Web-based Management Interface Stack-based Buffer Overflow (CVE-2023-20079)
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisor...
CVE-2024-2558
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...
CVE-2024-2558
CVE-2024-2558 affects Tenda AC18, version 15.03.05.05. A stack-based buffer overflow in formexeCommand (file /goform/execCommand) is triggered by the cmdinput parameter, potentially allowing remote code execution and impacting confidentiality, integrity, and availability. Sources consistently des...
CVE-2024-2547
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...
CVE-2024-2547 Tenda AC18 R7WebsSecurityHandler stack-based overflow
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...
CVE-2024-2547
CVE-2024-2547 affects Tenda AC18, version 15.03.05.05, specifically the R7WebsSecurityHandler. The issue is a stack‑based buffer overflow triggered by manipulating the password argument, and the attack is network‑based with the potential for remote exploitation. Publicly disclosed exploit informa...
CVE-2024-2546
A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has bee...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to json-path [CVE-2023-51074]
Summary: The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to json-path. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-51074. DESCRIPTION: json-path is vulnerable to a denial of...