Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-47909

Summary
Assigner-ivanti
Assigner Org ID-3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Published At-12 Nov, 2024 | 16:02
Updated At-19 Nov, 2024 | 17:10
Rejected At-
Credits

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ivanti
Assigner Org ID:3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Published At:12 Nov, 2024 | 16:02
Updated At:19 Nov, 2024 | 17:10
Rejected At:
▼CVE Numbering Authority (CNA)

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

Affected Products
Vendor
Ivanti SoftwareIvanti
Product
Connect Secure
Default Status
affected
Versions
Unaffected
  • 22.7R2.3 (custom)
Vendor
Ivanti SoftwareIvanti
Product
Policy Secure
Default Status
affected
Versions
Unaffected
  • 22.7R1.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs
N/A
Hyperlink: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Published At:12 Nov, 2024 | 16:15
Updated At:18 Nov, 2024 | 15:09

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Secondary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Ivanti Software
ivanti
>>connect_secure>>Versions before 22.7(exclusive)
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*
Ivanti Software
ivanti
>>policy_secure>>Versions before 22.7(exclusive)
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
Ivanti Software
ivanti
>>policy_secure>>22.7
cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*
Ivanti Software
ivanti
>>policy_secure>>22.7
cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*
Ivanti Software
ivanti
>>policy_secure>>22.7
cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondary3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Vendor Advisory
Hyperlink: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

74Records found
CVE-2023-29914
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-21 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29909
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-21 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27802
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27803
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27804
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-21 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29913
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-21 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27806
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27801
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.31% / 53.57%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.

Action-Not Available
Vendor-arraynetworksn/a
Product-ag1100v5ag1000tag1500ag1600v5ag1200ag1000v5ag1500v5arrayos_agag1500fipsag1200v5ag1150vxagag1000ag1600n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-29012
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-4.9||MEDIUM
EPSS-2.50% / 84.71%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 08:11
Updated-25 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670nssp_11700nssp_10700tz270nsa_2700nsv_470tz470nsa_6700tz270wtz570ptz570nsv_270sonicosnssp_13700tz370tz470wnsa_3700tz370wnsa_5700nsa_4700nsv_870tz570wSonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-21 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42444
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 19.23%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 20:38
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise denial of service

IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-app_connect_enterpriseaixwindowslinux_kernelApp Connect Enterprise
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-52754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 38.85%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8003_firmwaredi-8003n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-21054
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 36.13%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-13 Feb, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-MySQL Servermysql_server
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-52755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.29% / 52.15%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8003_firmwaredi-8003n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-33008
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 03:46
Updated-26 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system.

Action-Not Available
Vendor-SAP SE
Product-SAP Replication Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37280
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-4.9||MEDIUM
EPSS-0.23% / 45.90%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 16:26
Updated-03 Oct, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elasticsearch StackOverflow vulnerability

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

Action-Not Available
Vendor-Elasticsearch BV
Product-elasticsearchElasticsearch
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38266
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.18% / 39.39%
||
7 Day CHG~0.00%
Published-24 Sep, 2024 | 01:26
Updated-22 Jan, 2025 | 22:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3510-b1_firmwarevmg8825-t50kvmg3625-t50b_firmwareex3501-t0pm3100-t0ex5510-b0_firmwarewx3401-b0_firmwareex5401-b0vmg4005-b60avmg3927-t50kex5401-b1_firmwarescr50axeex3300-t0_firmwaredx5401-b0_firmwarevmg8623-t50b_firmwaredx4510-b1_firmwareex3600-t0_firmwarepm7300-t0vmg4005-b50avmg4005-b60a_firmwarepx3321-t1_firmwareex5601-t0_firmwareex5401-b0_firmwareex3301-t0ex3510-b1emg5723-t50kdx3300-t1wx3100-t0_firmwarevmg8825-t50k_firmwareemg3525-t50bdx5401-b1_firmwareex5601-t1ex3300-t0ex5512-t0_firmwarewx5600-t0wx3401-b0ex7710-b0_firmwareax7501-b1_firmwareex3301-t0_firmwaredx4510-b0_firmwareemg5523-t50bdx5401-b1emg5523-t50b_firmwarepm5100-t0_firmwaredx4510-b0ex7710-b0pm7300-t0_firmwareax7501-b1ex3300-t1dx3300-t1_firmwareex3510-b0_firmwarevmg3625-t50bex5401-b1emg5723-t50k_firmwaredx3301-t0ex5510-b0wx5600-t0_firmwareex5601-t0ax7501-b0_firmwareex5601-t1_firmwarevmg8623-t50bpm3100-t0_firmwareex3510-b0ex7501-b0vmg3927-t50k_firmwarewx3100-t0vmg4005-b50a_firmwareemg3525-t50b_firmwaredx3301-t0_firmwaredx3300-t0ax7501-b0scr50axe_firmwareex5512-t0ex3500-t0ex3300-t1_firmwarepm5100-t0ex3500-t0_firmwareex3600-t0dx5401-b0dx4510-b1dx3300-t0_firmwareex3501-t0_firmwarepx3321-t1ex7501-b0_firmwareVMG8825-T50K firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4839
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.71% / 71.21%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 16:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037.

Action-Not Available
Vendor-IBM Corporation
Product-8335-gta8335-gtb8335-gca8335-gtb_firmware8335-gca_firmware8335-gta_firmware8335-GTB8335-GTA8335-GCA
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found