Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-4041

Summary
Assigner-Silabs
Assigner Org ID-030b2754-1501-44a4-bef8-48be86a33bf4
Published At-23 Aug, 2023 | 04:09
Updated At-03 Oct, 2024 | 14:08
Rejected At-
Credits

Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Silabs
Assigner Org ID:030b2754-1501-44a4-bef8-48be86a33bf4
Published At:23 Aug, 2023 | 04:09
Updated At:03 Oct, 2024 | 14:08
Rejected At:
▼CVE Numbering Authority (CNA)
Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

Affected Products
Vendor
Silicon Labs
Product
Gecko Bootloader
Repo
https://github.com/SiliconLabs/gecko_sdk/releases
Modules
  • Firmware Update File Parser
Platforms
  • ARM
Default Status
affected
Versions
Affected
  • From 0 before 4.3.1 (4.3.1)
  • From 0 before 4.2.4 (4.2.4)
Unaffected
  • 4.3.2
  • 4.2.4
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWECWE-787CWE-787 Out-of-bounds Write
CWECWE-913CWE-913 Improper Control of Dynamically-Managed Code Resources
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-913
Description: CWE-913 Improper Control of Dynamically-Managed Code Resources
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-242CAPEC-242 Code Injection
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-242
Description: CAPEC-242 Code Injection
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1
N/A
Hyperlink: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1
x_transferred
Hyperlink: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
silabs
Product
gecko_bootloader
CPEs
  • cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 4.3.1 (custom)
  • From 0 before 4.3.2 (custom)
Unaffected
  • 4.3.2
  • 4.2.4
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@silabs.com
Published At:23 Aug, 2023 | 05:15
Updated At:25 Sep, 2024 | 17:15

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
silabs
silabs
>>gecko_bootloader>>Versions before 4.2.4(exclusive)
cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:arm:*
silabs
silabs
>>gecko_bootloader>>Versions from 4.3.0(inclusive) to 4.3.2(exclusive)
cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:arm:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE-494Primarynvd@nist.gov
CWE-787Primarynvd@nist.gov
CWE-120Secondaryproduct-security@silabs.com
CWE-787Secondaryproduct-security@silabs.com
CWE-913Secondaryproduct-security@silabs.com
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-494
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-120
Type: Secondary
Source: product-security@silabs.com
CWE ID: CWE-787
Type: Secondary
Source: product-security@silabs.com
CWE ID: CWE-913
Type: Secondary
Source: product-security@silabs.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1product-security@silabs.com
Permissions Required
Hyperlink: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1
Source: product-security@silabs.com
Resource:
Permissions Required

Change History

0
Information is not available yet

Similar CVEs

2984Records found
CVE-2022-25434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.39% / 84.41%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-29324
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.37%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25708
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.81%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:26
Updated-04 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn6750_firmwarewcd9385_firmwaresd888_5gsm7450_firmwarewcn7851wcn6851wcn7850_firmwarewcn6850wcd9380_firmwaresm8475sm7450wcd9380sd888_5g_firmwarewsa8830_firmwarewcn6856_firmwarewcd9370_firmwarewsa8830wcd9375wcn6855wcn7850wcd9370wsa8835wcn6750sd_8_gen1_5g_firmwarewcn7851_firmwarewsa8835_firmwarewcn6850_firmwarewcd9375_firmwarewcn6856wcd9385wsa8832_firmwarewcn6855_firmwarewcn6851_firmwarewsa8832Snapdragon Connectivity, Snapdragon Mobile
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-29325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 80.37%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24788
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.31% / 53.76%
||
7 Day CHG~0.00%
Published-13 Apr, 2022 | 18:30
Updated-23 Apr, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in Vyper

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-vyperlangvyperlang
Product-vypervyper
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-48.34% / 97.66%
||
7 Day CHG~0.00%
Published-12 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.

Action-Not Available
Vendor-echatservern/a
Product-easy_chat_servern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6970
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 77.63%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 20:19
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.

Action-Not Available
Vendor-emersonEmerson
Product-openenterprise_scada_serverOpenEnterpriseOpenEnterprise SCADA Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-29077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.92% / 75.04%
||
7 Day CHG~0.00%
Published-25 Apr, 2022 | 02:59
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat.

Action-Not Available
Vendor-ripplen/a
Product-rippledn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-29399
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.89%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 19:50
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n600r_firmwaren600rn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52370
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.64%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:41
Updated-24 Apr, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOSharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25740
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.00%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in MODEM

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon9205_lte_modem_firmware9206_lte_modem_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwarewcd9306_firmwaresnapdragon_x5_lte_modem_firmwaremdm8207_firmwarewcd9330_firmwareqca4004_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmwareqts110_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25435
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8012
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-80.03% / 99.07%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 03:12
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.

Action-Not Available
Vendor-Broadcom Inc.
Product-unified_infrastructure_managementCA Unified Infrastructure Management (Nimsoft/UIM)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25461
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.39% / 84.41%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1524
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.41% / 90.66%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirddebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25687
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.19% / 41.12%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-09 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3660wcd9340_firmwaresd210_firmwaremdm9250qcs6125_firmwaresw5100psd439wcd9385_firmwarewcn3988_firmwareqca6431_firmwareqcs610qam8295p_firmwareqcs6125sd210msm8976sg_firmwaremdm9206_firmwaresd778gapq8096au_firmwaresd460sd_8_gen1_5g_firmwareapq8052wcd9385wcn7850_firmwaresdx55m_firmwarewcd9340sd845qcn7606_firmwaresd730_firmwaremdm9150_firmwaresd690_5g_firmwareapq8056sd690_5gwcn7850mdm9250_firmwaresw5100p_firmwaresdx55mwcd9326apq8009w_firmwarewcn6851_firmwaresdm429wmdm9628sa8155qca6574_firmwaresd678_firmwareqca6595ausm7250p_firmwaresd480_firmwarewcn3680bsa8150pwcn3680_firmwaresd665wcn3660bwcd9330_firmwarewcn7851_firmwaremsm8208_firmwarewsa8835wcn3990_firmwarefsm10056_firmwarecsra6640apq8076wcn6750sdm429w_firmwareqca6320_firmwaresa8195psa6150pqca9367sd768g_firmwaresm4125sd780g_firmwaresd865_5gqca6421_firmwareqca6574asd429_firmwareqca6310_firmwaresd_675wcn3990sdxr2_5gwsa8810_firmwaresd670msm8952wcd9335_firmwarewcn3998_firmwareqcs4290wsa8815qca6436_firmwaresd888_5gsa6155psa8155psdx55qca6335qca6564amsm8608wcn3991_firmwareqca6564a_firmwarewcn3660b_firmwareqca6391_firmwaresa4155pqca6696_firmwarewcn6855sm6250sd710sd480qca4020_firmwaresd765wcn6750_firmwaremsm8956sa4150psd662_firmwaresd695csra6640_firmwaresd820sd845_firmwareqca6174asd660sd450sxr2150psdxr1_firmwaremsm8976sgsd205sm8475msm8909w_firmwarewcd9371_firmwareaqt1000_firmwaremsm8208qcm2290_firmwaremsm8108_firmwareqcs605apq8009wqca9377wcn3620wcn7851qcs4290_firmwaresa8155_firmwareqca9379_firmwarewcn6740qca6431sd730msm8909wfsm10056sa8145p_firmwarewcn3910wcn3910_firmwaresd888wcd9380_firmwarewcn6740_firmwaremsm8996au_firmwareapq8017_firmwarewcd9370sa6155apq8096ausd678qca6574ausa6145pqcc5100_firmwarewsa8815_firmwaresd680wcn3950_firmwaresdxr2_5g_firmwaresd870sw5100qca9377_firmwaresm7325psm4375msm8953_firmwareqca6426_firmwaresa8150p_firmwaresd870_firmwareqcs405_firmwarewcn3950qcs2290_firmwaresa6155_firmwaremdm9607wcd9380qcm4290_firmwaremdm9150qcs610_firmwareqca9379qcm4290wcd9326_firmwareqcm6125_firmwareqcn7606sm4125_firmwareapq8053_firmwaresd662wcn3615sd675wcn3991sd695_firmwareqca6420_firmwaresm7325p_firmwaresd750gqcm6125sd820_firmwarewcd9341msm8917_firmwaremdm9650_firmwareqca6426qca6335_firmwarewsa8835_firmwaresd821_firmwareqcs2290apq8056_firmwareqca6390sdw2500sd205_firmwaresd750g_firmwareqca6696wcn3980wcn6856_firmwaremdm9650sdx20msa6150p_firmwareqcs605_firmwaresd780gwcn3620_firmwaresd680_firmwareqcc5100sa8295psdxr1sa4155p_firmwareqca6420qca6174a_firmwaresd_636sm7250psd888_firmwarewcn3999apq8017sm6250psdw2500_firmwaresd_675_firmwareqca6430qualcomm215_firmwaresd675_firmwarewsa8810sd865_5g_firmwarewcd9341_firmwarewcn6850ar8031wcn3660_firmwaresxr2150p_firmwaremdm9628_firmwaremsm8976_firmwareqca6574a_firmwarewcn3999_firmwaresdx20_firmwareqca6595au_firmwareqcm2290sd460_firmwaresd439_firmwaresda429wsd720gapq8064ausa8295p_firmwaresw5100_firmwarewcn3610sd765g_firmwaresd632msm8953qca6390_firmwareqca6564au_firmwareqca6574wcn3610_firmwarewcn3998sm7315_firmwarewcd9335sd665_firmwareqca6430_firmwaresm6250_firmwarewcd9330qcs405qca6436sm6250p_firmwareaqt1000qca6421qcm6490msm8209apq8076_firmwaresd855_firmwaresdx50msd855wcn6856qcs410_firmwareqam8295pmdm9206wcn6855_firmwareqcm6490_firmwaremsm8108sd429mdm9607_firmwaremsm8956_firmwaresm4375_firmwaresa4150p_firmwareapq8009sd720g_firmwaresd835_firmwaresd778g_firmwarewcd9371msm8917qcs410qca4020apq8009_firmwaresd632_firmwareqca6391qca6595csra6620sd768gsd835sd710_firmwarewcn3615_firmwaresd670_firmwaresa6155p_firmwareqca6584auqca6584au_firmwareqcs6490_firmwaremsm8209_firmwaresa8195p_firmwareqca6574au_firmwarewcd9370_firmwaresa8155p_firmwaresd888_5g_firmwarewcn3680wcd9375qca6310sdx20m_firmwareapq8064au_firmwareapq8053apq8052_firmwaresda429w_firmwaresd821wsa8830msm8952_firmwareqca6564msm8996auwcd9375_firmwarewcn3980_firmwaresd765_firmwaresd765gmsm8608_firmwareqca6320qca6595_firmwarewcn6850_firmwaresd660_firmwaresdx20wcn6851qca6564_firmwaremsm8976sm7315qca9367_firmwareqcs6490ar8031_firmwarewcn3988qca6564auwsa8830_firmwarewcn3680b_firmwaresdx55_firmwarecsra6620_firmwarequalcomm215sd_636_firmwaresa8145psd450_firmwaresdx50m_firmwaresa6145p_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-29328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.66% / 93.01%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-1330_firmwaredap-1330n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-29329
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.66% / 93.01%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 13:16
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-1330_firmwaredap-1330n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 86.81%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 22:44
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841ntl-wr841n_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25678
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.35%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in MODEM

Memory correction in modem due to buffer overwrite during coap connection

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7813
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.45%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 13:05
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.

Action-Not Available
Vendor-kaoniKaoni
Product-ezhttptransezHTTPTrans
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2022-25074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 86.81%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 22:44
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr902actl-wr902ac_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49402
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w30e_firmwarew30en/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28750
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.61%
||
7 Day CHG-0.00%
Published-11 Aug, 2022 | 14:55
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom On-Premise Deployments: Stack Buffer Overflow in Meeting Connector

Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_connectorZoom On-Premise Meeting Connector Zone Controller (ZC)
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 57.97%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w30e_firmwarew30en/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25729
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.29%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in MODEM

Memory corruption in modem due to improper length check while copying into memory

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9306wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcn3999wcn7851ar8031_firmwarewsa8832_firmwarewcn6856_firmwareqca4004_firmwarecsra6620qcs405qca4024_firmwareqts110wcd9306_firmwaresxr1230p_firmwarewsa8835wsa8810_firmwarewcd9380wsa8810wsa8832qca4020_firmwarewcn6855wcd9335csra6620_firmwaressg2125p_firmwarewcn6856ssg2115pwcn7851_firmwaremdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9385ar8031qcs405_firmwarewcd9335_firmwarewcn3980wcn3998mdm9205_firmwarewcd9385_firmwareqca4024mdm9205mdm9206_firmwarewsa8815qca4004csra6640sxr2230pwsa8830_firmwareqca4020wsa8815_firmwarewcn7850wcn7850_firmwarewsa8835_firmwaressg2115p_firmwarewcn3999_firmwarewcn3998_firmwarewcn3980_firmwareqts110_firmwareSnapdragonwcn6855_firmwarecsra6640_firmwarewcd9380_firmwaresxr2230p_firmwarecsra6620_firmwareqcs405_firmwarewcd9335_firmwarear8031_firmwarewsa8832_firmwaremdm9205_firmwarewcd9385_firmwarewcn6856_firmwareqca4004_firmwaremdm9206_firmwarewsa8830_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8815_firmwarewsa8835_firmwarewsa8810_firmwarewcn7851_firmwarewcn7850_firmwaressg2115p_firmwarewcn3999_firmwareqca4020_firmwarewcn3998_firmwarewcn3980_firmwaressg2125p_firmwareqts110_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7812
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.35%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 13:12
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC.

Action-Not Available
Vendor-kaoniKaoniMicrosoft Corporation
Product-windowsezhttptransezHTTPTrans
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2023-50711
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.07% / 22.82%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 20:02
Updated-13 Feb, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code.

Action-Not Available
Vendor-rust-vmmrust-vmm
Product-vmm-sys-utilvmm-sys-util
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28722
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.20%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 14:54
Updated-27 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP Print Products are potentially vulnerable to Buffer Overflow.

Action-Not Available
Vendor-n/aHP Inc.
Product-j9v80a_firmwared3q17a_firmwareg5j38aj7k42aj7k42a_firmwarej6u51b_firmwarej7k40a_firmwarek7s40a_firmwarej7k40ad9l63a_firmwaret0f39aj6u51bt0f29a_firmwared9l63ak7s43ad3q19aj7k38a_firmwarey3z46a_firmwared9l64a_firmwaret0g46ak7s38a_firmwarew1b37a_firmwarek7s37a_firmwarej7k35aj6u55bp4c78ap4c84a_firmwarey3z47ap4c86ap4c82a_firmwarej7k37at0g65a_firmwarew1b38aj6x81a_firmwarej6x79a_firmwarej3p65aj6u55ad3q21a_firmwarej3p66at0f28aj7k33a_firmwaret0g46a_firmwarem9l70a_firmwarej3p67aj7k36ak7s41aw1b39ag5j38a_firmwareg5j56at0g48a_firmwarem9l65a_firmwarem9l67at0f39a_firmwarej9v82ad3q16a_firmwarej3p67a_firmwaret0f40a_firmwarej6x80a_firmwarew1b31a_firmwaret0f37aj6u57ay3z57at0g70at3p03a_firmwarew1b29a_firmwarep4c82aj6x79at0f33a_firmwaret0f29ay3z45a_firmwaret0f40at0g48aj6x83a_firmwaret0f35ay0s18at0g49ak7s41a_firmwaret0g47ay0s18a_firmwarep4c81aj6x81ad3q15a_firmwarea7w93at0g25aj3p68ap4c85a_firmwaret0g70a_firmwaret0f35a_firmwared9l18a_firmwarem9l65ak7s42aj7k37a_firmwarej7k39at0f32aj6x77aw1b33am9l66at0f36ak7s39ad3q15aj7k38ad9l21aj6x76a_firmwaret0g49a_firmwared3q19a_firmwarel3t99a_firmwarey0s19a_firmwarej7k33ak7s37aj7k34a_firmwarea7w93a_firmwarey3z45ay0s19ay3z54ak7s32ak7s42a_firmwarej6x78a_firmwarem9l70ay3z46am9l67a_firmwarej6u55a_firmwared9l21a_firmwaret0f31a_firmwarej6x77a_firmwaret0f34aw1b39a_firmwarek9z76a_firmwarej3p66a_firmwarek7s40ap4c85aj7k36a_firmwarey3z57a_firmwarej6x80ay3z44a_firmwaret0g65ad9l64ay3z44al3t99at0f38at0f28a_firmwarek7s39a_firmwarej6u55b_firmwared3q17ad3q20a_firmwaret0g47a_firmwarey3z54a_firmwarep4c78a_firmwarem9l66a_firmwaret1p99a_firmwarew1b33a_firmwarej7k41aj7k35a_firmwaret0g25a_firmwarew1b38a_firmwarej6x78ad9l20at1p99at0f38a_firmwarew1b31at0f34a_firmwarej9v80ad9l18at0f33aw1b37ak7s43a_firmwaret0f31ak9z76at3p03at0f30at0f37a_firmwarej6x83at0g26ad9l20a_firmwarep4c86a_firmwarek7s38aj7k34aj6x76aj3p68a_firmwared3q16ad3q21aw1b29at0f32a_firmwarey3z47a_firmwarej6u57a_firmwared3q20aw1b28a_firmwarej7k41a_firmwarej9v82a_firmwarew1b28aj3p65a_firmwareg5j56a_firmwarek7s32a_firmwaret0f30a_firmwarej7k39a_firmwarep4c81a_firmwaret0g26a_firmwarep4c84at0f36a_firmwareCertain HP inkjet printers, HP LaserJet Pro printers, HP PageWide Pro printers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25686
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.14% / 34.03%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:25
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sd678qcs2290_firmwaresd_636qcs4290wcn3950_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresa6155msm8917sd690_5gsd730_firmwarewcd9370sd_675_firmwaresd675_firmwareqca6426sd632wcn3990_firmwarewcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950sm4125sd720gwcd9326_firmwarewcn3615_firmwaresd_8_gen1_5g_firmwarewcn3660bsd662sd710_firmwaresd460_firmwaresa8155sm7315_firmwarewcn7850qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3615sm7250p_firmwarewcn3998_firmwareqca6420qca6436_firmwareapq8053_firmwaresm7450_firmwaresd680_firmwaresd778gsa6155p_firmwarewcn7851qcs6490sd429sdxr2_5gsa8155_firmwaresd662_firmwaresdm630wcn3988_firmwareqca6430sd429_firmwaresm6250sd778g_firmwarewcd9340sa8195papq8017_firmwarewsa8810_firmwarequalcomm215_firmwaresd765gsw5100sd765_firmwareqca6436sd680wcd9326sa6155pwcd9335wcn6851wcn7851_firmwareqcs4290_firmwarewcd9385wcd9341qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwareqca6390wcd9375sd750g_firmwareaqt1000wcn3910_firmwaresm6250_firmwaremsm8953_firmwarewsa8830_firmwaremsm8917_firmwaresd855_firmwaresd660sd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988sd660_firmwarewcn6850_firmwarewcn7850_firmwaresa8195p_firmwaresm7450wsa8815_firmwarewsa8835_firmwareapq8017sm8475wcn6750_firmwareqcm2290_firmwarewcn3991wcd9380_firmwarewcn3990sd_675sw5100psd780gsd865_5gsdx55m_firmwarewcn6856_firmwaresd888sd670_firmwareqca6574sd632_firmwarewsa8835sd665_firmwarewcd9380sd888_5gqualcomm215qca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwaresm7325pqca6430_firmwarewcd9335_firmwarewcn3980sd439_firmwarewcn6750qca6574_firmwarewcd9340_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665wcn3910wcn6850wsa8815sd765qca6426_firmwarewcn3660b_firmwarewcn3680qca6574a_firmwaresd695sd768g_firmwaresd835wcn3980_firmwaresm7315sd460qca6391sd730sdx55msm8475_firmwareaqt1000_firmwarewcn6740_firmwaremsm8953sd678_firmwareqcm4290qcm6490_firmwaresdx50mwcn3680_firmwarewsa8832_firmwaresd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwaresd710sd_636_firmwaresd670wcd9341_firmwareqcm4290_firmwaresd480sd870wcn6855wsa8810wsa8832sw5100p_firmwarewcn6856wcn3680bsd835_firmwaresd695_firmwaresd768gwcn6740qca6696sdm630_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareapq8053sa8155psd675sd439sm7250psd720g_firmwaresw5100_firmwaresm8475p_firmwareqcm2290sm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-50585
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.18%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a18_firmwarea18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49287
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-1.64% / 81.22%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 05:29
Updated-29 May, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow vulnerabilities in tinydir

TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.

Action-Not Available
Vendor-cxongcxong
Product-tinydirtinydir
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-51954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.46%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803ax1803_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7806
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.35%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:50
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft Xplatform ActiveX File Download Vulnerability

Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution.

Action-Not Available
Vendor-tobesoftTobesoftMicrosoft Corporation
Product-windowsxplatformXplatform
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2022-25431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-29396
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 62.94%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 19:49
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n600r_firmwaren600rn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 86.14%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25439
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:52
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25418
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.41%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 22:44
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50469
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.11% / 92.80%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi.

Action-Not Available
Vendor-szlbtn/a
Product-lbt-t300-t310lbt-t300-t310_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25429
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2587
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.56%
||
7 Day CHG~0.00%
Published-12 Aug, 2022 | 19:35
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.

Action-Not Available
Vendor-Google LLC
Product-chromechrome_osChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25454
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.99%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • ...
  • 8
  • 9
  • 10
  • ...
  • 59
  • 60
  • Next
Details not found