hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.
SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line.
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.
Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.
Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function.
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.
In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.
Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.
A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename.
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.
Belkin n750 routers have a buffer overflow.
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.
Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.
RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.