Total
3464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13550 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-13551 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-13552 | 1 Dlink | 4 Dir-822k, Dir-822k Firmware, Dwr-m920 and 1 more | 2025-12-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-9557 | 2025-12-01 | N/A | 7.6 HIGH | ||
| An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service. | |||||
| CVE-2025-9558 | 2025-12-01 | N/A | 7.6 HIGH | ||
| There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. The full length of the received data is copied into the link.rx.buf receiver buffer without any validation on the data size. | |||||
| CVE-2025-52960 | 2025-12-01 | N/A | 5.9 MEDIUM | ||
| A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attackers control, so they would not be able to deterministically exploit this. This issue affects Junos OS on SRX Series and MX Series: * All versions before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2. | |||||
| CVE-2025-12970 | 1 Treasuredata | 1 Fluent Bit | 2025-11-28 | N/A | 8.8 HIGH |
| The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution. | |||||
| CVE-2025-13553 | 1 Dlink | 2 Dwr-m920, Dwr-m920 Firmware | 2025-11-26 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-32732 | 1 Intel | 1 Quickassist Technology | 2025-11-26 | N/A | 6.6 MEDIUM |
| Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-24519 | 1 Intel | 1 Quickassist Technology | 2025-11-26 | N/A | 6.5 MEDIUM |
| Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-65102 | 2025-11-25 | N/A | N/A | ||
| PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio codec in receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16. | |||||
| CVE-2025-39727 | 1 Linux | 1 Linux Kernel | 2025-11-25 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are in range (0, last_page]. As maxpages might be < last_page, setup_clusters() will encounter a buffer overflow when a badpage is >= maxpages. Only call inc_cluster_info_page() for badpage which is < maxpages to fix the issue. | |||||
| CVE-2014-1524 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. | |||||
| CVE-2014-1509 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Seamonkey and 12 more | 2025-11-25 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. | |||||
| CVE-2023-22745 | 1 Tpm2 Software Stack Project | 1 Tpm2 Software Stack | 2025-11-21 | N/A | 6.4 MEDIUM |
| tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Versions 4.1.0-rc0, 4.0.1, and 3.2.2-rc1 fix the issue. | |||||
| CVE-2025-5601 | 1 Wireshark | 1 Wireshark | 2025-11-21 | N/A | 7.8 HIGH |
| Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2025-65226 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. | |||||
| CVE-2025-46397 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2025-11-21 | N/A | 7.8 HIGH |
| A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function. | |||||
| CVE-2025-13400 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-11-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2025-46776 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2025-11-20 | N/A | 6.4 MEDIUM |
| A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands. | |||||