Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

CVE-2023-37293

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

Stack overflow

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

CVE-2023-37293 stack-based buffer overflow

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

CVE-2023-37293 stack-based buffer overflow

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

CVE-2023-3043 Stack-based Buffer Overflow BMC

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

CVE-2023-3043

CVE-2023-3043 affects AMI MegaRAC SPx BMC, where a stack-based buffer overflow can be triggered over an adjacent network. The vulnerability in the SPx firmware could lead to confidentiality, integrity, and availability losses. Reported CVSS vectors indicate high to critical impact (CVSS v3.1: AV:...

CVE-2023-49236

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci...

CVE-2023-7220

A vulnerability was found in Totolink NR1800X 9.1.0u.6279B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. Th...

Stack Based Buffer Overflow

gpac/gpac is vulnerable to SBuffer Overflow. The vulnerability is caused due to missing checks for the lineSize within the gftextgetutf8line function. This can potentially lead to a Denial of Service DoS attack...

CVE-2023-7220

CVE-2023-7220 affects Totolink NR1800X running 9.1.0u.6279_B20210910. The vulnerability is in the function loginAuth of /cgi-bin/cstecgi.cgi; manipulation of the password argument leads to a stack-based buffer overflow. The issue can be exploited remotely and, per sources, the exploit has been di...

CVE-2023-7219

The CVE-2023-7219 entry affects Totolink N350RT (v9.3.5u.6139_B202012) via the loginAuth function in /cgi-bin/cstecgi.cgi. The root cause is a stack-based buffer overflow caused by manipulation of the http_host argument, enabling a remote attacker to potentially execute arbitrary code. Public exp...

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2023-49236

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci...

CVE-2023-49236

CVE-2023-49236 affects TRENDnet TV-IP1314PI devices running version 5.5.3 200714. A stack-based buffer overflow occurs due to lack of length validation when parsing a user-entered scale field in the RTSP playback function of the internal module (davinci), enabling arbitrary command execution. Mul...

CVE-2023-7218

Summary: CVE-2023-7218 affects Totolink N350RT, specifically the loginAuth function in /cgi-bin/cstecgi.cgi. The vulnerability is a stack-based buffer overflow triggered by manipulating the password parameter, with remote exploit potential in the affected firmware version 9.3.5u.6139_B202012. Mul...

CVE-2023-38583

A stack-based buffer overflow vulnerability exists in the LXT2 lxt2rdexpandintegertobits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...