An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication.

Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.

A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.

NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the Gaussian file format

D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function.

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the do_sta_enrollee_wifi function.

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.

Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the user_edit_page parameter in the wifi_captive_portal function.

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_rsname parameter in the tools_netstat (sub_41E730) function.

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function.

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function.

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.