Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST

Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2021-35942 DESCRIPTION: GNU C Library aka glibc could allow a local attacker to obtain sensitive...

Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java is used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerab...

PT-2024-3674 · D Link · D-Link Dir-822

Name of the Vulnerable Software and Affected Versions: D-Link DIR-822+ version 1.0.5 Description: The issue is related to a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module of the D-Link DIR-822+ wireless router's firmware. This vulnerability can be exploited b...

CVE-2023-35748

D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...

CVE-2024-4497 Tenda i21 formexeCommand stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.144656. It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to th...

CVE-2024-4497 Tenda i21 formexeCommand stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.144656. It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to th...

CVE-2024-4496 Tenda i21 formWifiMacFilterSet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.144656. It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVE-2024-4496 Tenda i21 formWifiMacFilterSet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.144656. It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVE-2024-4495 Tenda i21 formWifiMacFilterGet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.144656 and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publ...

CVE-2024-4495 Tenda i21 formWifiMacFilterGet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.144656 and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publ...

CVE-2024-4494 Tenda i21 setUplinkInfo formSetUplinkInfo stack-based overflow

A vulnerability has been found in Tenda i21 1.0.0.144656 and classified as critical. Affected by this vulnerability is the function formSetUplinkInfo of the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2 leads to stack-based buffer overflow. The attack can be launched...

CVE-2024-4493 Tenda i21 formSetAutoPing stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.144656. Affected is the function formSetAutoPing. The manipulation of the argument ping1/ping2 leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2024-4492 Tenda i21 setStaOffline formOfflineSet stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.144656. This issue affects the function formOfflineSet of the file /goform/setStaOffline. The manipulation of the argument GO/ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2024-4491 Tenda i21 formGetDiagnoseInfo stack-based overflow

A vulnerability classified as critical was found in Tenda i21 1.0.0.144656. This vulnerability affects the function formGetDiagnoseInfo. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publ...

CVE-2024-4491 Tenda i21 formGetDiagnoseInfo stack-based overflow

A vulnerability classified as critical was found in Tenda i21 1.0.0.144656. This vulnerability affects the function formGetDiagnoseInfo. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publ...

CVE-2023-51624

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to...

CVE-2023-51627

D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...

CVE-2023-51619

D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

CVE-2023-51615

D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

CVE-2023-51614

D-Link DIR-X3260 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...