| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
|
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
|
|
Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
|
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. |
|
Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file.
|
|
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
|
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. |
| The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. |
| A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. |
| Controller denial of service due to improper handling of a specially crafted message received by the controller.
See Honeywell Security Notification for recommendations on upgrading and versioning. |
| Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. |
| Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.
See Honeywell Security Notification for recommendations on upgrading and versioning.
|
| Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. |
| An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.
|
| A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
|
| A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. |
| Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. |
| TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer overflow when trying to add '\0' to the end of long msg data. It can be exploited via crafted TCP packets. |
| Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
|
| ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. |
