Total
13838 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14015 | 1 H3c | 1 Magic | 2025-12-05 | 8.8 High |
| A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2020-36881 | 1 Flexsense | 1 Diskboss | 2025-12-05 | N/A |
| Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field. | ||||
| CVE-2020-36880 | 1 Flexsense | 1 Diskboss | 2025-12-05 | N/A |
| Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system. | ||||
| CVE-2025-53965 | 1 Samsung | 40 Exynos, Exynos 1280, Exynos 1280 Firmware and 37 more | 2025-12-05 | 5.3 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error. | ||||
| CVE-2021-39261 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2025-12-05 | 6.7 Medium |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. | ||||
| CVE-2017-20005 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2025-12-05 | 9.8 Critical |
| NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. | ||||
| CVE-2014-3478 | 3 Christos Zoulas, Php, Redhat | 4 File, Php, Enterprise Linux and 1 more | 2025-12-04 | 6.5 Medium |
| Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. | ||||
| CVE-2014-0207 | 6 Christos Zoulas, Debian, Opensuse and 3 more | 7 File, Debian Linux, Opensuse and 4 more | 2025-12-04 | 6.5 Medium |
| The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. | ||||
| CVE-2012-1571 | 3 Christos Zoulas, Redhat, Tim Robbins | 3 File, Enterprise Linux, Libmagic | 2025-12-04 | 6.5 Medium |
| file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. | ||||
| CVE-2016-1834 | 6 Apple, Canonical, Debian and 3 more | 16 Iphone Os, Mac Os X, Tvos and 13 more | 2025-12-04 | 7.8 High |
| Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | ||||
| CVE-2025-13120 | 1 Mruby | 1 Mruby | 2025-12-04 | 5.3 Medium |
| A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue. | ||||
| CVE-2025-43458 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-12-04 | 4.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2018-14879 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2025-12-03 | 7 High |
| The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). | ||||
| CVE-2019-15166 | 8 Apple, Canonical, Debian and 5 more | 10 Mac Os X, Ubuntu Linux, Debian Linux and 7 more | 2025-12-03 | 1.6 Low |
| lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | ||||
| CVE-2025-64713 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-12-03 | 5.1 Medium |
| WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4. | ||||
| CVE-2021-33287 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2025-12-03 | 6.7 Medium |
| In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. | ||||
| CVE-2021-33285 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2025-12-03 | 6.7 Medium |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild. | ||||
| CVE-2021-39260 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2025-12-02 | 6.7 Medium |
| A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. | ||||
| CVE-2021-39259 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2025-12-02 | 6.7 Medium |
| A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. | ||||
| CVE-2021-39258 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2025-12-02 | 6.7 Medium |
| A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. | ||||