Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.
IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.
An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.
An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.
Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition.
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network.
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes.
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module.
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.
An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. An invalid reference (and memory corruption) can occur because AddRef might not be called before returning a pointer.
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter.
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.