Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-0731

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-19 Jan, 2024 | 19:31
Updated At-30 May, 2025 | 14:25
Rejected At-
Credits

PCMan FTP Server PUT Command denial of service

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:19 Jan, 2024 | 19:31
Updated At:30 May, 2025 | 14:25
Rejected At:
▼CVE Numbering Authority (CNA)
PCMan FTP Server PUT Command denial of service

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.

Affected Products
Vendor
PCMan
Product
FTP Server
Modules
  • PUT Command Handler
Versions
Affected
  • 2.0.7
Problem Types
TypeCWE IDDescription
CWECWE-404CWE-404 Denial of Service
Type: CWE
CWE ID: CWE-404
Description: CWE-404 Denial of Service
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2.05.0N/A
AV:N/AC:L/Au:N/C:N/I:N/A:P
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 2.0
Base score: 5.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
fernando.mengali (VulDB User)
Timeline
EventDate
Advisory disclosed2024-01-19 00:00:00
VulDB entry created2024-01-19 01:00:00
VulDB entry last update2024-01-19 12:22:50
Event: Advisory disclosed
Date: 2024-01-19 00:00:00
Event: VulDB entry created
Date: 2024-01-19 01:00:00
Event: VulDB entry last update
Date: 2024-01-19 12:22:50
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.251554
vdb-entry
https://vuldb.com/?ctiid.251554
signature
permissions-required
https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt
exploit
Hyperlink: https://vuldb.com/?id.251554
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.251554
Resource:
signature
permissions-required
Hyperlink: https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt
Resource:
exploit
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.251554
vdb-entry
x_transferred
https://vuldb.com/?ctiid.251554
signature
permissions-required
x_transferred
https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt
exploit
x_transferred
Hyperlink: https://vuldb.com/?id.251554
Resource:
vdb-entry
x_transferred
Hyperlink: https://vuldb.com/?ctiid.251554
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt
Resource:
exploit
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:19 Jan, 2024 | 20:15
Updated At:17 May, 2024 | 02:34

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Secondary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
pcman_ftp_server_project
pcman_ftp_server_project
>>pcman_ftp_server>>2.0.7
cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:2.0.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE-404Secondarycna@vuldb.com
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-404
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txtcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.251554cna@vuldb.com
Permissions Required
Third Party Advisory
https://vuldb.com/?id.251554cna@vuldb.com
Third Party Advisory
Hyperlink: https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.251554
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://vuldb.com/?id.251554
Source: cna@vuldb.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

652Records found
CVE-2022-45648
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6ac6_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i22_firmwarei22n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-55553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.47%
||
7 Day CHG~0.00%
Published-06 Jan, 2025 | 00:00
Updated-23 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-45646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45665
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.16%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i22_firmwarei22n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-53319
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.91%
||
7 Day CHG+0.01%
Published-31 Jan, 2025 | 00:00
Updated-03 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-52949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.43%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 00:00
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-53027
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.39%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in WLAN Host

Transient DOS may occur while processing the country IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwareqcm8550_firmwareqcs410_firmwaresd865_5gapq8017sw5100psxr1120sa6150p_firmwarewcn6650qca6595qcs610_firmwarewcd9335snapdragon_8\+_gen_1wcd9370qca8081_firmwaresnapdragon_429_firmwareqca6696qam8620p_firmwarewcd9340_firmwaresa8530pwcd9341_firmwaresxr2330p_firmwarewcd9395_firmwareqcn6024qcc2073_firmwareqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700wcn3610snapdragon_695_5gsa4150psnapdragon_888_5gwsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_4_gen_2_firmwareqca6574au_firmwareqca6564_firmwaresm6370qam8295pwcd9341qca6574ausnapdragon_820_automotivewcd9390sa8620p_firmwarewsa8810_firmwarewsa8845h_firmwaresnapdragon_429csra6640sa9000p_firmwaresrv1hsnapdragon_778g\+_5g_firmwaresnapdragon_865\+_5gsm8650q_firmwarewcn3660b_firmwareqcs9100qca6554asnapdragon_8\+_gen_2snapdragon_820_automotive_firmwareqcs5430fastconnect_6800_firmwaresnapdragon_865\+_5g_firmwaresd835_firmwareqcn6024_firmwaresnapdragon_x65_5gqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_888\+_5g_firmwaresa8770pqcm6125_firmwareqcc710snapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresa8540psxr1120_firmwareqca6777aqsnapdragon_660_firmwaresnapdragon_4_gen_2fastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwaresnapdragon_8_gen_2_firmwarevideo_collaboration_vc1_platformsnapdragon_x72_5gqep8111sa7255psm8635qfw7114wcd9385_firmwareqca6310qam8255p_firmwaresnapdragon_778g_5gsa8155_firmwaresdx61qcs4490snapdragon_662_firmwareqca6787aqwsa8845sa6155pqcm6125qca6564au_firmwarewsa8810205video_collaboration_vc5_platform_firmwareqam8650psa9000psrv1h_firmwareqca6595ausxr2250p_firmwaresm7315_firmwaresnapdragon_865_5g_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840mdm9640_firmwaresrv1m_firmwareqcs8550_firmwaresd835qfw7124_firmwareqca6436_firmwaresnapdragon_x35_5g_firmwareqcs4490_firmwarewcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresm8635psnapdragon_680_4gwcn3910snapdragon_212_firmwarewcd9370_firmwareqca9367snapdragon_8_gen_2snapdragon_480\+_5g_firmwareqcc2076snapdragon_835_pc_firmwarewcn3660bqca6574asa7255p_firmwarewcn3620_firmwareqca6174asnapdragon_695_5g_firmwaresa8195pwcd9340qcs8250_firmwareqcm2290talynplussnapdragon_auto_5g_modem-rf_gen_2qcm6490sa8540p_firmwaresxr2250psm8550p_firmwareqcm8550wcn3988snapdragon_x55_5g_firmwaresm6370_firmwareqcn9274qcn9024sa8775pqca6574sxr2230p_firmwareqca6777aq_firmwaresa8775p_firmwareqamsrv1hsmart_audio_400qcn9024_firmwarewsa8845hwcd9326sa6150pqcs410qcm2290_firmwaresm8650qsa8155p_firmwareqca6564asa8155pwsa8830snapdragon_870_5g_firmwaresm8550psa6145psnapdragon_x65_5g_firmwaresm7675_firmwaresa8255p_firmwaresnapdragon_888\+_5gsnapdragon_x75_5gqcc2073ar8035sm7635_firmwaremsm8996auqamsrv1m_firmwareqca6564sa8650p_firmwaresa6155wcn3620snapdragon_x72_5g_firmwaresrv1l_firmwareqcs9100_firmwareqcn6224qcs615snapdragon_782gqca6698aqwcn3950_firmwaresa7775p_firmwaresm7635sa8530p_firmwarefastconnect_6200sm7325p_firmwaresa8145p_firmwarewcd9378snapdragon_210_firmwaresm8635p_firmwaresa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_778g_5g_firmwaresnapdragon_780g_5gqcs6490qcs8250snapdragon_210snapdragon_x5_lte_firmwarefastconnect_6200_firmwaresnapdragon_778g\+_5gwsa8830_firmwareqcn6224_firmwareqca6678aq_firmwarewsa8845_firmwaresd660_firmwarewsa8832sdx61_firmwarewcd9378_firmwareqcc2076_firmwaresrv1lsxr2130_firmwaresrv1msm7675pqca6678aqar8035_firmwaresnapdragon_680_4g_firmwareqca6320sa4150p_firmwaresd888_firmwareqca6564auqcs6125_firmwaresm4635snapdragon_460wsa8815_firmwaresnapdragon_865_5gsa8195p_firmwareqca8337_firmwareqcm4290snapdragon_480_5g_firmwaresnapdragon_4_gen_1_firmwaresnapdragon_xr2\+_gen_1sg8275p_firmwareqca9377_firmwaresnapdragon_x62_5gqcm6490_firmwaresnapdragon_685_4gsm4635_firmwaresm4125205_firmwarewcn3950qcs6125qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computetalynplus_firmwaresa8295p_firmwaresmart_audio_400_firmwaresnapdragon_460_firmwaresa4155p_firmwaresa8155qcn6274_firmwaresd888qca6320_firmwareqca6584auwcn6755_firmwaresw5100_firmwarewcn6740wcn6650_firmwareqca6310_firmwarefastconnect_6800qfw7114_firmwaresnapdragon_662qcs7230qca6595_firmwaresnapdragon_x5_ltefastconnect_7800_firmwaresm8635_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa6155_firmwaresnapdragon_xr2_5gsa8150psxr2330pwcn6755snapdragon_888_5g_firmwaresnapdragon_835_pcsnapdragon_8\+_gen_2_firmwaremsm8996au_firmwaresnapdragon_auto_5g_modem-rf_firmwaresm6650sw5100video_collaboration_vc3_platformqca6688aqqam8295p_firmwaresnapdragon_8_gen_1_firmwarewcn3990_firmwaresm7315qca6175a_firmwareqca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwareqca9367_firmwarewcn3610_firmwaresnapdragon_8_gen_1sa8255pqcs7230_firmwareqcs4290wcd9390_firmwaresnapdragon_x62_5g_firmwaresnapdragon_8_gen_3qep8111_firmwareqcs615_firmwaresg8275psnapdragon_782g_firmwaresnapdragon_x55_5gsnapdragon_auto_5g_modem-rfqca6554a_firmwaresxr2130snapdragon_4_gen_1snapdragon_870_5gcsra6640_firmwareqamsrv1msnapdragon_480\+_5gqca6174a_firmwaresnapdragon_685_4g_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformqcs6490_firmwaresm6650_firmwaresnapdragon_480_5gwcn3980_firmwareqam8620pmdm9640qca6436wcd9335_firmwaresdm429wwsa8835wsa8840_firmwareqca6391_firmwareqca6584au_firmwareqcn6274qfw7124qca6595au_firmwareqcs8300_firmwaresw5100p_firmwareqca6696_firmwareqcs4290_firmwareqcs8300wcd9380_firmwareqca6574_firmwarewsa8815sd660csra6620mdm9628qca8081sg4150pqam8775pqca9377snapdragon_ar2_gen_1_firmwaresd_8_gen1_5gqca6797aqmdm9628_firmwaresnapdragon_x35_5gsa8620psnapdragon_660qca6574a_firmwareqcm4290_firmwaresnapdragon_8\+_gen_1_firmwareqca6175asd_8_gen1_5g_firmwareqca6787aq_firmwarewcd9375_firmwareqca6391snapdragon_x75_5g_firmwaresa7775psnapdragon_8_gen_3_firmwareqcn9274_firmwareqcs5430_firmwaresg4150p_firmwaresnapdragon_780g_5g_firmwaresa8770p_firmwarecsra6620_firmwaresa8295pqcs8550fastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_xr1wcd9375qca6688aq_firmwaresnapdragon_ar2_gen_1wcn3988_firmwareqamsrv1h_firmwaresm7675sa8145psnapdragon_212wsa8835_firmwarewcn3980sm7675p_firmwaresnapdragon_w5\+_gen_1_wearableqcs610Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-46882
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-16 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6ac6_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i22_firmwarei22n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45659
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6ac6_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45641
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45653
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-4565
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption

A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-hutoolDromara
Product-hutoolHuTool
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-45649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6ac6_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45658
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6ac6_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45657
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6ac6_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2000-0548
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.42% / 86.99%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

Action-Not Available
Vendor-kerbnet_projectcygnus_network_security_projectn/aMIT (Massachusetts Institute of Technology)
Product-kerberoskerbnetcygnus_network_securitykerberos_5n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i22_firmwarei22n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-50305
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.51%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 09:54
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Traffic Server: Valid Host field value can cause crashes

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

Action-Not Available
Vendor-apache_software_foundationThe Apache Software Foundation
Product-traffic_serverApache Traffic Serverapache_traffic_server
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-20
Improper Input Validation
CVE-2022-45652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45643
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45666
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.16%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i22_firmwarei22n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-51179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.30% / 90.58%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 00:00
Updated-13 Nov, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establishment process.

Action-Not Available
Vendor-n/aopen5gs
Product-n/aopen5gs
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-20502
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.50%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 19:14
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.

Action-Not Available
Vendor-echatservern/a
Product-easy_chat_servern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45655
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45670
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i22_firmwarei22n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45647
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6ac6_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.57%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-25 Nov, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that this is the case. Supplying a length less than 3 leads to a buffer overflow in a buffer that is allocated later. It is simultaneously possible to cause another integer overflow by supplying large length values because the provided length value is increased by a few bytes to account for additional information that is supposed to be stored there. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated.

Action-Not Available
Vendor-n/ambedArm Limited
Product-mbedn/ambed
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-4791
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.20% / 41.95%
||
7 Day CHG~0.00%
Published-12 May, 2024 | 01:00
Updated-08 Aug, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contemporary Control System BASrouter BACnet BASRT-B Application Protocol Data Unit denial of service

A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263890 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Contemporary Control System
Product-BASrouter BACnet BASRT-B
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-48075
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 58.16%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 00:00
Updated-21 Nov, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.

Action-Not Available
Vendor-n/arealtimelogic
Product-n/asharkssl
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG+0.02%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-19343
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.28%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:23
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-jboss_enterprise_application_platformundertowactive_iq_unified_managerjboss-remotingUndertow
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-46304
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.92%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 00:00
Updated-10 Oct, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.

Action-Not Available
Vendor-n/alibcoap
Product-n/alibcoap
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-47213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.27%
||
7 Day CHG-0.03%
Published-03 Apr, 2025 | 00:00
Updated-23 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.

Action-Not Available
Vendor-snowplown/a
Product-enrichn/a
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-46552
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-17 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910vigor3910_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46596
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-20 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor3910n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-13 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor3910n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 00:00
Updated-16 Apr, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.

Action-Not Available
Vendor-elspec-ltdn/a
Product-g5dfrg5dfr_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46565
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-13 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor3910n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46550
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910vigor3910_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46597
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor3910n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46591
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor3910n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor3910n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor3910n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-46558
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-18 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor3910n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 13
  • 14
  • Next
Details not found