Filtered by vendor Tcl Subscriptions
Total 48 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-24016 1 Tcl 1 Linkhub Mesh Wifi Ac1200 2024-09-16 9.8 Critical
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the mesh_status_check binary.
CVE-2022-26009 1 Tcl 1 Linkhub Mesh Wifi Ac1200 2024-09-16 9.8 Critical
A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-43481 1 Tcl 1 Browser Tv Web - Browsehere 2024-08-27 9.8 Critical
An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.
CVE-2007-4772 5 Canonical, Debian, Postgresql and 2 more 6 Ubuntu Linux, Debian Linux, Postgresql and 3 more 2024-08-07 N/A
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
CVE-2019-7163 1 Tcl 2 Alcatel Linkzone, Alcatel Linkzone Firmware 2024-08-04 N/A
The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password.
CVE-2020-28055 1 Tcl 14 32s330, 32s330 Firmware, 40s330 and 11 more 2024-08-04 7.8 High
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder.
CVE-2020-27403 1 Tcl 14 32s330, 32s330 Firmware, 40s330 and 11 more 2024-08-04 6.5 Medium
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure. Also, some TV models and/or FW versions may expose the webserver with the entire filesystem accessible on another port. For example, nmap scan for all ports run directly from the TV model U43P6046 (Android 8.0) showed port 7983 not mentioned in the original CVE description, but containing the same directory listing of the entire filesystem. This webserver is bound (at least) to localhost interface and accessible freely to all unprivileged installed apps on the Android such as a regular web browser. Any app can therefore read any files of any other apps including Android system settings including sensitive data such as saved passwords, private keys etc.
CVE-2021-35331 1 Tcl 1 Tcl 2024-08-04 7.8 High
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding