Wavlink AC3000 internet.cgi set_qos() buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2024-2022 Wavlink AC3000 internet.cgi setqos buffer overflow vulnerabilities January 14, 2025 CVE Number CVE-2024-39768,CVE-2024-39770,CVE-2024-39769 SUMMARY Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000...

Ubuntu: Security Advisory (USN-7198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7198-1 rlottie vulnerabilities

Paolo Giai discovered a series of stack-based overflow vulnerabilities in the blit and grayrendercubic functions of a custom fork of the rlottie library. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

CVE-2025-0349

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

CVE-2025-0349 Tenda AC6 GetParentControlInfo stack-based overflow

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

CVE-2025-0349

CVE-2025-0349 affects Tenda AC6 (firmware 15.03.05.16). The vulnerability is a stack-based overflow in GetParentControlInfo (/goform/GetParentControlInfo) triggered by manipulating the src/mac argument, which can be exploited remotely. Public exploit/public disclosure is noted. Other parameters m...

CVE-2025-0349 Tenda AC6 GetParentControlInfo stack-based overflow

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

Security Bulletin: Vulnerability in XStream affect BM Spectrum Control

Summary XStream is vulnerable to denial of service, This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges...

CVE-2018-4301

This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp...

Smart Card Services 安全漏洞

Smart Card Services is a smart card service open-sourced by Smart Card Services. A security vulnerability exists in Smart Card Services that stems from the presence of a stack-based buffer overflow vulnerability...

Ivanti Policy Secure 22.x <= 22.7R1.2 Local Privilege Escalation (CVE-2025-0283)

The version of Ivanti Policy Secure installed on the remote host is 22.x prior or equal to 22.7R1.2 Build 1485. It is, therefore, affected by a local privilege escalation vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before...

Ivanti Connect Secure 9.x / 22.x < 22.7R2.5 Local Privilege Escalation (CVE-2025-0283)

The Ivanti Connect Secure install on the remote host is 9.x, or 22.x prior to 22.7R2.5. It is, therefore, affected by a local privilege escalation vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and...

Ivanti Connect Secure 22.7R2.x < 22.7R2.5 Remote Code Execution (CVE-2025-0282)

The Ivanti Connect Secure install on the remote host is 22.7R2.x prior to 22.7R2.5. It is, therefore, affected by a remote code execution vulnerability: - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neuro...

CVE-2024-45542 Stack-based Buffer Overflow in WLAN Windows Host

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver...

PT-2025-34647 · Libbiosig +1 · Libbiosig +1

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch 35a819fa Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability...

PT-2025-22999 · Gimp +1 · Gimp +1

Name of the Vulnerable Software and Affected Versions: GIMP affected versions not specified Description: A flaw was found in GIMP. The ani load image function is vulnerable to a stack-based overflow. Opening .ANI files may allow GIMP to store more information than its capacity allows. This flaw...

PT-2025-39346

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description The GIMP software contains a stack-based buffer overflow in the ILBM file parsing functionality. This issue could allow for remote code execution. Recommendations At the moment, there is no...

PT-2024-17902 · Ashlar Vellum · Ashlar-Vellum Cobalt

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this issue, where the...

(0Day) Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...