Buffer Overflow

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Windows Extensible File Allocation (exFAT) contains an out-of-bounds read vulnerability affecting Windows Server 2022, Windows 10 1607, and Windows 11 versions 23h2/25h2, enabling authenticated local users to escalate privileges with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available. This flaw carries a CVSS score of 7.8 and affects multiple supported Windows versions across server and client platforms.

Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments.

Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available.

Arbitrary code execution in Fortinet FortiWeb 7.0.2 through 8.0.2 stems from a stack-based buffer overflow triggered by crafted HTTP requests from authenticated attackers who can bypass stack protection mechanisms. The vulnerability affects multiple FortiWeb versions and requires high privileges and specific conditions to exploit, though no patch is currently available. An authenticated attacker with sufficient privileges could leverage this flaw to execute arbitrary commands on affected systems.

Arbitrary code execution in Windows 10 (versions 21H2 and 22H2) via heap buffer overflow in Mobile Broadband functionality requires physical access to a target device. An attacker with direct hardware access can trigger memory corruption to achieve kernel-level code execution with full system privileges. No patch is currently available for this vulnerability.

Privilege escalation in Windows 11 (24h2, 26h1) and Windows Server 2022 (23h2) via heap overflow allows authenticated local users to gain system-level access. The vulnerability requires valid credentials but no user interaction, making it a direct path to complete system compromise. No patch is currently available.

Windows Push Message Routing Service contains an out-of-bounds read vulnerability that enables authenticated local users to access sensitive information on affected systems running Windows 10 and Windows 11. The vulnerability requires valid credentials to exploit and poses a confidentiality risk, though no patch is currently available. This affects multiple Windows versions including 21H2, 22H2, and 23H2 releases.

Windows ReFS contains an out-of-bounds read vulnerability affecting Server 2019, 2022, 2025, and Windows 11 26h1 that enables authenticated local users to escalate privileges with high impact to confidentiality, integrity, and availability. The vulnerability requires low attack complexity and no user interaction, making it exploitable by any authenticated user on the system. No patch is currently available for this HIGH severity issue.

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]

Privilege escalation in Azure Linux Virtual Machines results from a heap-based buffer overflow that authenticated local users can exploit to gain elevated system access. An attacker with valid credentials can trigger memory corruption to bypass privilege restrictions and assume administrative control of the affected virtual machine. No patch is currently available, making this a critical risk for organizations running Azure Linux infrastructure.

vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 versions up to 1.0.1 is affected by classic buffer overflow (CVSS 8.8).

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. [CVSS 8.1 HIGH]

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683. [CVSS 5.9 MEDIUM]

Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.

Medium severity vulnerability in ImageMagick. A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.

BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ```

Medium severity vulnerability in ImageMagick. A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by buffer overflow (CVSS 5.7).

Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.

Medium severity vulnerability in ImageMagick. A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.

Medium severity vulnerability in ImageMagick. A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.

High severity vulnerability in ImageMagick. A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. [CVSS 7.5 HIGH]

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. [CVSS 7.5 HIGH]

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. [CVSS 7.5 HIGH]

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]

The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. [CVSS 7.5 HIGH]

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 via a buffer overflow in the /goform/formApMail handler allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at elevated risk. The attack requires network access but no user interaction, making it a significant threat to organizations using this device.

Unauthenticated remote attackers can achieve complete system compromise (code execution, data theft, and denial of service) against UTT HiPER 810G firmware versions up to 1.7.7-1711 through a buffer overflow in the /goform/getOneApConfTempEntry endpoint. Public exploit code is available and actively being leveraged in attacks. No patch is currently available for affected devices.

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated remote attackers to achieve complete system compromise through a malformed page parameter in the /goform/P2pListFilter endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk of code execution and data theft.

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. [CVSS 8.8 HIGH]

Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated attackers to achieve remote code execution through a malicious page parameter in the /goform/DhcpListClient endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for deployed devices. This affects both the Tenda FH1202 router and Stack Overflow services with high severity impact on confidentiality, integrity, and availability.

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve complete system compromise through manipulation of the page parameter in the /goform/NatStaticSetting function. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires valid credentials but can be exploited over the network with no user interaction.

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve full system compromise through manipulation of the webSiteId parameter in the /goform/webtypelibrary function. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the potential for complete confidentiality, integrity, and availability impact.

Unauthenticated remote attackers can exploit a stack-based buffer overflow in Atop EHG2408 series switches to achieve arbitrary code execution and full system compromise. The vulnerability requires only network access and no user interaction, allowing attackers to completely control affected devices. No patch is currently available for this high-severity flaw affecting network infrastructure.

Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote attackers with low privileges to execute arbitrary code through crafted mit_ssid parameters sent to the AdvSetWrlsafeset function. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it readily exploitable in affected deployments.

Remote code execution in Tenda i3 1.0.0.6(2204) firmware allows unauthenticated attackers to achieve full system compromise through a stack-based buffer overflow in the WifiMacFilterSet function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring immediate mitigation through network segmentation or device isolation.

Remote code execution in Tenda i3 firmware versions up to 1.0.0.6(2204) via stack-based buffer overflow in the WiFi MAC filter function allows unauthenticated attackers to achieve full system compromise over the network. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires only low complexity to exploit and affects the confidentiality, integrity, and availability of affected devices.

Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve code execution by manipulating the cmdinput parameter in the /goform/exeCommand function. Public exploit code exists for this vulnerability and no patch is currently available, placing affected devices at immediate risk.

Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of ping parameters in the setAutoPing function. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.

Stack overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through a malformed funcpara1 parameter in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. [CVSS 7.5 HIGH]

Stack-based buffer overflow in Delta Electronics COMMGR2 communication management software. ICS vulnerability enabling remote code execution on industrial communication gateways.

Stack-based buffer overflow in Tenda F453 firmware 1.0.0.3 allows remote attackers with valid credentials to achieve unauthenticated code execution through a malformed GO parameter in the WrlclientSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations using vulnerable F453 devices should implement network segmentation and access controls to mitigate exploitation risk.

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows authenticated remote attackers to achieve complete system compromise through a malformed GO parameter in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face high risk of unauthorized code execution, data theft, and service disruption.

Stack-based buffer overflow in Tenda F453 firmware allows unauthenticated remote attackers to execute arbitrary code through the cmdinput parameter in the /goform/exeCommand function, with public exploit code already available. The vulnerability affects F453 firmware version 1.0.0.3 and has a CVSS score of 8.8, enabling complete compromise of affected devices without requiring user interaction. No patch is currently available.

Out-of-bounds read in libssh versions up to 0.11.3 allows remote attackers to cause denial of service by manipulating the idx argument in the SFTP extension name handler functions. The vulnerability resides in the sftp_extensions_get_name and sftp_extensions_get_data functions, enabling unauthenticated attackers to trigger memory access violations without user interaction. Upgrading to libssh 0.11.4 or 0.12.0 resolves this issue.

Remote code execution in Tenda F453 firmware versions 1.0.0.3 and 3.As via stack-based buffer overflow in the PPTP client configuration endpoint allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.

Stack-based buffer overflow in Tenda F453 firmware versions 1.0.0.3/1.1f allows authenticated remote attackers to execute arbitrary code through malformed funcname/funcpara1 parameters in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise potential of affected devices.

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated attackers to achieve remote code execution through improper input validation in the QuickIndex handler. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at significant risk of compromise.

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system compromise through a malicious page parameter in the webExcptypemanFilter function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, making it a significant risk for affected devices.

Remote code execution in Wavlink WL-WN579X3-C firmware through stack-based buffer overflow in the firewall.cgi module allows unauthenticated attackers to achieve complete system compromise via manipulation of the del_flag parameter. Public exploit code exists for this vulnerability, and no patch is currently available despite vendor notification. Affected users should immediately restrict network access to the affected device until a firmware update becomes available.

Heap buffer overflow in libpng's pnm2png utility (versions up to 1.6.55) allows local attackers to corrupt memory and potentially execute code by supplying malicious width or height parameters. The vulnerability requires local access and public exploit code is available. The maintainers have not yet provided a patch despite early notification.

Wavlink NU516U1 firmware 251208 has a buffer overflow enabling remote code execution through crafted HTTP requests to the CGI interface.

Remote code execution in H3C Magic B1 firmware through a buffer overflow in the SSID configuration function allows unauthenticated attackers to gain complete system compromise over the network. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The flaw affects firmware versions up to 100R004 and requires only low complexity to exploit with valid credentials.

Remote code execution in UTT HiPER 810G firmware up to version 1.7.7-171114 through a stack buffer overflow in the DNS filter configuration function allows authenticated attackers to execute arbitrary commands with full system privileges. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement network-level mitigations or device replacement until a fix is released.

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 stems from an unsafe strcpy operation in the /goform/formRemoteControl function that enables unauthenticated attackers to trigger a buffer overflow. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

A buffer overflow in the NTP configuration handler of UTT HiPER 810G firmware versions up to 1.7.7-171114 enables authenticated remote attackers to achieve complete system compromise through memory corruption. Public exploit code exists for this vulnerability, and no patch is currently available. Affected devices face immediate risk of remote code execution with high privileges from any authenticated user.

Stack Overflow's Language Package Configuration Handler contains a stack-based buffer overflow in the httpd component that can be triggered by manipulating the Language parameter, allowing authenticated remote attackers to achieve code execution. The vulnerability affects Planet ICG-2510 1.0_20250811 and currently lacks an available patch. An attacker with valid credentials can exploit this remotely without user interaction to potentially compromise the affected system.

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. [CVSS 7.5 HIGH]

Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could weaken security guarantees.

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the QuickIndex function allows unauthenticated attackers to execute arbitrary code by sending crafted requests with oversized PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and affects firmware version 1.0.0.9 and potentially other versions.

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the WAN configuration endpoint allows unauthenticated attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. Stack Overflow products are also reported as affected.

Stack overflow in Tenda FH451 firmware's setcfm function allows authenticated remote attackers to achieve complete system compromise through malicious funcname or funcpara1 parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.0.0.9 and enables remote code execution with high impact to confidentiality, integrity, and availability.

A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. [CVSS 3.3 LOW]

A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. [CVSS 3.3 LOW]

eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application. [CVSS 6.2 MEDIUM]

PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.

Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to achieve complete system compromise through a malformed ipaddr parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables unauthenticated remote code execution with full read, write, and execution capabilities on affected devices.

A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. [CVSS 3.3 LOW]

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+ critical buffer overflows in this router.

Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. [CVSS 5.3 MEDIUM]

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a family of 15+ critical buffer overflows in this router.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ critical buffer overflows in this router.

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]

Google Chrome versions before 145.0.7632.159 contain a heap buffer overflow in the WebCodecs component that enables remote attackers to write data outside allocated memory bounds through malicious HTML pages. An unauthenticated attacker can exploit this vulnerability with minimal user interaction to achieve arbitrary code execution on affected systems. A patch is available in Chrome 145.0.7632.159 and later.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of 15+ critical buffer overflows in this router.

Insufficient input validation in Cisco Secure Firewall ASA and Secure FTD OSPF implementations allows adjacent attackers to trigger denial of service by sending malformed OSPF update packets that cause device reloads. Authentication bypass is possible if OSPF authentication is disabled, though knowing the secret key is required when authentication is enabled. No patch is currently available for this medium-severity vulnerability.

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family of 15+ critical buffer overflows in this router.