Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34570 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-01-06 | N/A | 6.7 MEDIUM |
|
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.
|
|||||
| CVE-2023-34569 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-01-06 | N/A | 6.7 MEDIUM |
|
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
|
|||||
| CVE-2023-34567 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-01-06 | N/A | 6.7 MEDIUM |
|
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.
|
|||||
| CVE-2023-33658 | 1 Emqx | 1 Nanomq | 2025-01-06 | N/A | 7.5 HIGH |
|
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.
|
|||||
| CVE-2023-34624 | 1 Htmlcleaner Project | 1 Htmlcleaner | 2025-01-06 | N/A | 7.5 HIGH |
|
An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34614 | 1 Jsonij Project | 1 Jsonij | 2025-01-06 | N/A | 7.5 HIGH |
|
An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34613 | 1 Sojo Project | 1 Sojo | 2025-01-06 | N/A | 7.5 HIGH |
|
An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34612 | 1 Ph-json Project | 1 Ph-json | 2025-01-06 | N/A | 7.5 HIGH |
|
An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34611 | 1 Mjson Project | 1 Mjson | 2025-01-06 | N/A | 7.5 HIGH |
|
An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34610 | 1 Json-io Project | 1 Json-io | 2025-01-06 | N/A | 7.5 HIGH |
|
An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34609 | 1 Flexjson Project | 1 Flexjson | 2025-01-06 | N/A | 7.5 HIGH |
|
An issue was discovered flexjson thru 3.3 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34364 | 1 Progress | 1 Datadirect Odbc Oracle Wire Protocol Driver | 2025-01-06 | N/A | 9.8 CRITICAL |
|
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.
|
|||||
| CVE-2023-37712 | 1 Tenda | 6 Ac1206, Ac1206 Firmware, F1202 and 3 more | 2025-01-06 | N/A | 9.8 CRITICAL |
|
Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function.
|
|||||
| CVE-2023-28478 | 1 Tp-link | 2 Ec70, Ec70 Firmware | 2025-01-06 | N/A | 8.8 HIGH |
|
TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.
|
|||||
| CVE-2023-34940 | 1 Asus | 2 Rt-n10lx, Rt-n10lx Firmware | 2025-01-06 | N/A | 7.5 HIGH |
|
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2023-48229 | 1 Contiki-ng | 1 Contiki-ng | 2025-01-06 | N/A | 7.0 HIGH |
|
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be s ...
Show More |
|||||
| CVE-2023-29562 | 1 Tp-link | 2 Tl-wpa7510, Tl-wpa7510 Firmware | 2025-01-03 | N/A | 9.8 CRITICAL |
|
TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.
|
|||||
| CVE-2023-29160 | 1 Fujielectric | 1 Frenic Rhc Loader | 2025-01-03 | N/A | 7.8 HIGH |
|
Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.
|
|||||
| CVE-2023-34297 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-01-03 | N/A | 8.8 HIGH |
|
Sante DICOM Viewer Pro JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can resu ...
Show More |
|||||
| CVE-2023-34296 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-01-03 | N/A | 8.8 HIGH |
|
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can resu ...
Show More |
|||||
| CVE-2023-34295 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-01-03 | N/A | 8.8 HIGH |
|
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can resu ...
Show More |
|||||
| CVE-2023-32133 | 1 Santesoft | 2 Dicom Editor, Dicom Viewer Pro | 2025-01-03 | N/A | 8.8 HIGH |
|
Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An a ...
Show More |
|||||
| CVE-2023-32132 | 1 Santesoft | 2 Dicom Editor, Dicom Viewer Pro | 2025-01-03 | N/A | 8.8 HIGH |
|
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM images. Crafted data in a DCM image can trigger a write past the end of an allocated buffer. An a ...
Show More |
|||||
| CVE-2023-32131 | 1 Santesoft | 2 Dicom Editor, Dicom Viewer Pro | 2025-01-03 | N/A | 8.8 HIGH |
|
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM images. Crafted data in a DCM image can trigger a write past the end of an allocated buffer. An a ...
Show More |
|||||
| CVE-2022-28550 | 1 Jhead Project | 1 Jhead | 2025-01-03 | N/A | 9.8 CRITICAL |
|
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.
|
|||||
| CVE-2024-11578 | 1 Luxion | 1 Keyshot | 2025-01-03 | N/A | 7.8 HIGH |
|
Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of the length of user-supplied data prior to ...
Show More |
|||||
| CVE-2024-13051 | 1 Ashlar | 1 Graphite | 2025-01-03 | N/A | 7.8 HIGH |
|
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied ...
Show More |
|||||
| CVE-2024-13050 | 1 Ashlar | 1 Graphite | 2025-01-03 | N/A | 7.8 HIGH |
|
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied ...
Show More |
|||||
| CVE-2023-27368 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 8.8 HIGH |
|
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based ...
Show More |
|||||
| CVE-2023-27361 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 8.0 HIGH |
|
NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of JSON data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An a ...
Show More |
|||||
| CVE-2023-34285 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 8.8 HIGH |
|
NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data ...
Show More |
|||||
| CVE-2023-27369 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 8.8 HIGH |
|
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. ...
Show More |
|||||
| CVE-2023-51635 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 8.8 HIGH |
|
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can lever ...
Show More |
|||||
| CVE-2023-40478 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 6.8 MEDIUM |
|
NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the len ...
Show More |
|||||
| CVE-2023-34823 | 1 Fdkaac Project | 1 Fdkaac | 2025-01-03 | N/A | 5.5 MEDIUM |
|
fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c.
|
|||||
| CVE-2023-34623 | 1 Jtidy Project | 1 Jtidy | 2025-01-03 | N/A | 7.5 HIGH |
|
An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34620 | 1 Hjson Project | 1 Hjson | 2025-01-03 | N/A | 7.5 HIGH |
|
An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34617 | 1 Genson Project | 1 Genson | 2025-01-03 | N/A | 7.5 HIGH |
|
An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34616 | 1 Pbjson Project | 1 Pbjson | 2025-01-03 | N/A | 7.5 HIGH |
|
An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||
| CVE-2023-34615 | 1 Pwall | 1 Jsonutil | 2025-01-03 | N/A | 7.5 HIGH |
|
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
|
|||||