| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network. |
| Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High) |
| Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0. |
| Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In current releases, this is a remote denial-of-service / resource-exhaustion issue in the post-decompression receive path. In older releases before 0.58.0, the same remote decompression path used CryptoVec, which appears to make the historical impact worse. This issue has been patched in version 0.61.1. |
| Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could send oversized, high-fanout, or malformed length-prefixed fields and make the library allocate, attempt to allocate, or split data before rejecting input that should have been rejected earlier. This issue has been patched in version 0.61.0. |
| Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice. |
| Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences. |
| Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
