Total
2779 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51148 | 1 Trendnet | 2 Tew-821dap, Tew-821dap Firmware | 2025-05-27 | N/A | 8.0 HIGH |
| An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component. | |||||
| CVE-2024-37641 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 8.8 HIGH |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule | |||||
| CVE-2024-37643 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 8.8 HIGH |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . | |||||
| CVE-2024-37645 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 8.8 HIGH |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . | |||||
| CVE-2023-40486 | 1 Nemetschek | 1 Cinema 4d | 2025-05-27 | N/A | 7.8 HIGH |
| Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21434. | |||||
| CVE-2023-40484 | 1 Nemetschek | 1 Cinema 4d | 2025-05-27 | N/A | 7.8 HIGH |
| Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21432. | |||||
| CVE-2023-40485 | 1 Nemetschek | 1 Cinema 4d | 2025-05-27 | N/A | 7.8 HIGH |
| Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21433. | |||||
| CVE-2025-45514 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-05-27 | N/A | 6.5 MEDIUM |
| Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm. | |||||
| CVE-2025-4810 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-05-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4809 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-05-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-45862 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-05-24 | N/A | 6.5 MEDIUM |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface. | |||||
| CVE-2025-45513 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-05-24 | N/A | 9.8 CRITICAL |
| Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter. | |||||
| CVE-2022-40151 | 1 Xstream | 1 Xstream | 2025-05-23 | N/A | 6.5 MEDIUM |
| Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | |||||
| CVE-2022-40152 | 2 Fasterxml, Xstream | 2 Woodstox, Xstream | 2025-05-23 | N/A | 6.5 MEDIUM |
| Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | |||||
| CVE-2022-41966 | 1 Xstream | 1 Xstream | 2025-05-23 | N/A | 8.2 HIGH |
| XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable. | |||||
| CVE-2025-4544 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-05-22 | 6.8 MEDIUM | 6.6 MEDIUM |
| A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. | |||||
| CVE-2025-40634 | 2025-05-21 | N/A | N/A | ||
| Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks. | |||||
| CVE-2025-41426 | 2025-05-21 | N/A | 9.8 CRITICAL | ||
| Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device. | |||||
| CVE-2025-4883 | 1 Dlink | 2 Di-8100g, Di-8100g Firmware | 2025-05-21 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxz_asp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/defIcmp/defOther leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1876 | 1 Dlink | 2 Dap-1562, Dap-1562 Firmware | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||