Total
2048 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21137 | 1 Omron | 1 Cx-one | 2024-09-16 | 7.8 High |
| Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-1159 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-09-16 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | ||||
| CVE-2021-1163 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-09-16 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | ||||
| CVE-2023-32973 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-16 | 3.8 Low |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later | ||||
| CVE-2021-1340 | 1 Cisco | 12 Rv016 Multi-wan Vpn Router, Rv016 Multi-wan Vpn Router Firmware, Rv042 Dual Wan Vpn Router and 9 more | 2024-09-16 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | ||||
| CVE-2021-31383 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-09-16 | 7.5 High |
| In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO. | ||||
| CVE-2024-1151 | 4 Debian, Fedoraproject, Linux and 1 more | 5 Debian Linux, Fedora, Linux Kernel and 2 more | 2024-09-16 | 5.5 Medium |
| A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. | ||||
| CVE-2021-32040 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 6.5 Medium |
| It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16. Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash. | ||||
| CVE-2018-8839 | 1 Deltaww | 1 Pmsoft | 2024-09-16 | 7.8 High |
| Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version. | ||||
| CVE-2021-1180 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-09-16 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | ||||
| CVE-2021-1193 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-09-16 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | ||||
| CVE-2022-35690 | 1 Adobe | 1 Coldfusion | 2024-09-16 | 9.8 Critical |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. | ||||
| CVE-2021-1336 | 1 Cisco | 12 Rv016 Multi-wan Vpn Router, Rv016 Multi-wan Vpn Router Firmware, Rv042 Dual Wan Vpn Router and 9 more | 2024-09-16 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | ||||
| CVE-2021-43556 | 1 Fatek | 1 Winproladder | 2024-09-16 | 7.8 High |
| FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2022-29496 | 1 Blynk | 1 Blynk-library | 2024-09-16 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2021-42705 | 1 We-con | 1 Plc Editor | 2024-09-16 | 7.8 High |
| PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-21540 | 1 Dell | 1 Idrac9 Firmware | 2024-09-16 | 5.9 Medium |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload. | ||||
| CVE-2021-26567 | 2 Faad2 Project, Synology | 8 Faad2, Diskstation Manager, Diskstation Manager Unified Controller and 5 more | 2024-09-16 | 7.8 High |
| Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. | ||||
| CVE-2021-39847 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-09-16 | 7.8 High |
| XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | ||||
| CVE-2018-14802 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2024-09-16 | N/A |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution. | ||||