Search Results (22052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-10464 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2025-11-03 7.5 High
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2023-51713 1 Proftpd 1 Proftpd 2025-11-03 7.5 High
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
CVE-2023-42119 1 Exim 1 Exim 2025-11-03 3.1 Low
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. . Was ZDI-CAN-17643.
CVE-2023-3649 1 Wireshark 1 Wireshark 2025-11-03 5.3 Medium
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
CVE-2023-32722 1 Zabbix 1 Zabbix 2025-11-03 9.6 Critical
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
CVE-2023-2977 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2025-11-03 7.1 High
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
CVE-2023-2858 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 5.3 Medium
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2856 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 5.3 Medium
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2855 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 5.3 Medium
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-29458 1 Zabbix 1 Zabbix 2025-11-03 5.9 Medium
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.
CVE-2023-1161 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-11-03 6.3 Medium
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
CVE-2023-0668 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 6.5 Medium
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-0667 1 Wireshark 1 Wireshark 2025-11-03 6.5 Medium
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
CVE-2023-0666 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 6.5 Medium
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-0412 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-11-03 6.3 Medium
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2023-0341 1 Editorconfig 1 Editorconfig 2025-11-03 7.8 High
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.
CVE-2022-26280 3 Fedoraproject, Libarchive, Redhat 3 Fedora, Libarchive, Enterprise Linux 2025-11-03 6.5 Medium
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
CVE-2021-4181 4 Debian, Fedoraproject, Oracle and 1 more 5 Debian Linux, Fedora, Http Server and 2 more 2025-11-03 7.5 High
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-36087 3 Fedoraproject, Redhat, Selinux Project 3 Fedora, Enterprise Linux, Selinux 2025-11-03 3.3 Low
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
CVE-2025-21804 1 Linux 1 Linux Kernel 2025-11-03 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() The rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region() macro to request a needed resource. A string variable that lives on the stack is then used to store a dynamically computed resource name, which is then passed on as one of the macro arguments. This can lead to undefined behavior. Depending on the current contents of the memory, the manifestations of errors may vary. One possible output may be as follows: $ cat /proc/iomem 30000000-37ffffff : 38000000-3fffffff : Sometimes, garbage may appear after the colon. In very rare cases, if no NULL-terminator is found in memory, the system might crash because the string iterator will overrun which can lead to access of unmapped memory above the stack. Thus, fix this by replacing outbound_name with the name of the previously requested resource. With the changes applied, the output will be as follows: $ cat /proc/iomem 30000000-37ffffff : memory2 38000000-3fffffff : memory3 [kwilczynski: commit log]