In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.
A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.
In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges.
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup.
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti.
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup.
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.
Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76.
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long "Authorization: Basic" RTSP header.
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.