| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In the Linux kernel, the following vulnerability has been resolved:
partitions: mac: fix handling of bogus partition table
Fix several issues in partition probing:
- The bailout for a bad partoffset must use put_dev_sector(), since the
preceding read_part_sector() succeeded.
- If the partition table claims a silly sector size like 0xfff bytes
(which results in partition table entries straddling sector boundaries),
bail out instead of accessing out-of-bounds memory.
- We must not assume that the partition table contains proper NUL
termination - use strnlen() and strncmp() instead of strlen() and
strcmp(). |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) |
| Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27120. |
| An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC. |
| In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. |
| BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port. |
| rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations. |
| merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations. |
| AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manager/radius/server_ping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An attacker can insert shell metacharacters into the ip parameter to inject and execute arbitrary system commands as the web server user. The initial third-party disclosure in 2016 recommended contacting the vendor for remediation guidance. Additionally, this product may have been rebranded under a different name. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-14 at 04:45:53.510819 UTC. |
| Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request (SSRF), or execute OS commands. |
| OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua. |
| In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: fix memory corruption on open
The probe session-duplication overflow check incremented the session
count also when there were no more available sessions so that memory
beyond the fixed-size slab-allocated session array could be corrupted in
fastrpc_session_alloc() on open(). |
| A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
| A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
