Threats Tagged 'cwe-119'

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-7057 is a high-severity buffer overflow vulnerability in Tenda F456 version 1.0.0.5. It exists in an unknown function within the /goform/setcfm endpoint of the httpd component. The vulnerability is triggered by manipulating the funcname or funcpara1 arguments remotely, potentially allowing an attacker to cause a buffer overflow. No official patch or remediation guidance is currently available, and no known exploits in the wild have been reported.

CVE-2026-7056 is a high-severity buffer overflow vulnerability in the Tenda F456 router version 1.0.0.5. It affects the fromSafeUrlFilter function in the /goform/SafeUrlFilter component of the httpd service. The vulnerability arises from improper handling of the 'page' argument, allowing remote attackers to cause a buffer overflow. Exploit code is publicly available, but no known exploits in the wild have been reported. No official patch or remediation guidance has been provided by the vendor as of now.

CVE-2026-7055 is a high-severity buffer overflow vulnerability in Tenda F456 version 1.0.0.5. It affects the fromVirtualSer function in the /goform/VirtualSer component of the httpd service. The vulnerability arises from improper handling of the menufacturer/Go argument, allowing remote attackers to cause a buffer overflow. This issue has been publicly disclosed, but no known exploits are currently observed in the wild. No official patch or remediation guidance has been provided by the vendor as of the publication date.

CVE-2026-7054 is a high-severity buffer overflow vulnerability in Tenda F456 version 1.0.0.5. It affects the fromPptpUserAdd function in the /goform/PPTPDClient component of the device's HTTP server. The vulnerability arises from improper handling of the opttype/username argument, allowing remote attackers to cause a buffer overflow. Exploit code has been publicly released, increasing the risk of attacks. No official patch or remediation guidance has been provided by the vendor as of the publication date.