Total
13434 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24164 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. | ||||
| CVE-2022-48176 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2025-03-28 | 7.8 High |
| Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | ||||
| CVE-2024-28562 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | 6.8 Medium |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format. | ||||
| CVE-2023-52386 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-27 | 7.5 High |
| Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-52350 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-27 | 5.5 Medium |
| In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2022-23087 | 1 Freebsd | 1 Freebsd | 2025-03-27 | 8.8 High |
| The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue. | ||||
| CVE-2022-42403 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-03-27 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892. | ||||
| CVE-2022-45494 | 1 Json.h Project | 1 Json.h | 2025-03-27 | 7.8 High |
| Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. | ||||
| CVE-2022-31902 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2025-03-27 | 5.5 Medium |
| Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). | ||||
| CVE-2024-3157 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-27 | 8.1 High |
| Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) | ||||
| CVE-2024-20066 | 1 Mediatek | 23 Mt6298, Mt6813, Mt6815 and 20 more | 2025-03-27 | 7.5 High |
| In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477. | ||||
| CVE-2025-26336 | 1 Dell | 4 Chassis Management Controller For Poweredge Fx2, Chassis Management Controller For Poweredge Fx2 Firmware, Chassis Management Controller For Poweredge Vrtx and 1 more | 2025-03-27 | 8.3 High |
| Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | ||||
| CVE-2022-34884 | 1 Lenovo | 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more | 2025-03-27 | 7.2 High |
| A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. | ||||
| CVE-2024-22268 | 3 Apple, Microsoft, Vmware | 4 Macos, Windows, Fusion and 1 more | 2025-03-27 | 7.1 High |
| VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. | ||||
| CVE-2022-31364 | 1 Infineon | 1 Cypress Bluetooth Mesh Software Development Kit | 2025-03-27 | 8.2 High |
| Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN. | ||||
| CVE-2022-31363 | 1 Infineon | 1 Cypress Bluetooth Mesh Software Development Kit | 2025-03-27 | 8.2 High |
| Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU. | ||||
| CVE-2022-30904 | 1 Bestechnic | 2 Bes2300, Bluetooth Mesh Software Development Kit | 2025-03-27 | 8.2 High |
| In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. | ||||
| CVE-2022-28331 | 3 Apache, Microsoft, Redhat | 4 Portable Runtime, Windows, Jboss Core Services and 1 more | 2025-03-27 | 9.8 Critical |
| On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. | ||||
| CVE-2021-36493 | 1 Xpdfreader | 1 Xpdf | 2025-03-27 | 7.5 High |
| Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. | ||||
| CVE-2021-36489 | 1 Liballeg | 1 Allegro | 2025-03-27 | 6.5 Medium |
| Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. | ||||