Total
3002 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1786 | 2025-03-03 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2021-45423 | 1 Pev Project | 1 Pev | 2025-03-03 | N/A | 9.8 CRITICAL |
| A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution. | |||||
| CVE-2024-8573 | 1 Totolink | 4 T10, T10 Firmware, T8 and 1 more | 2025-03-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-26076 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 2200 and 7 more | 2025-03-03 | N/A | 7.6 HIGH |
| An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options. | |||||
| CVE-2024-43055 | 2025-03-03 | N/A | 7.8 HIGH | ||
| Memory corruption while processing camera use case IOCTL call. | |||||
| CVE-2025-25280 | 2025-03-03 | N/A | 5.3 MEDIUM | ||
| Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request. | |||||
| CVE-2024-57392 | 2025-03-02 | N/A | 7.5 HIGH | ||
| Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port. | |||||
| CVE-2024-51139 | 2025-02-28 | N/A | 9.8 CRITICAL | ||
| Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests. | |||||
| CVE-2023-27853 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | N/A | 9.8 CRITICAL |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2023-27852 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | N/A | 9.8 CRITICAL |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2023-27065 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | N/A | 7.5 HIGH |
| Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2023-27064 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | N/A | 7.5 HIGH |
| Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2023-27063 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | N/A | 9.8 CRITICAL |
| Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2023-27062 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | N/A | 7.5 HIGH |
| Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2023-27061 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | N/A | 9.8 CRITICAL |
| Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2023-26075 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2025-02-27 | N/A | 7.6 HIGH |
| An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List. | |||||
| CVE-2024-53379 | 2025-02-27 | N/A | 7.5 HIGH | ||
| Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message. | |||||
| CVE-2020-27507 | 1 Kamailio | 1 Kamailio | 2025-02-27 | N/A | 9.8 CRITICAL |
| The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. | |||||
| CVE-2023-52612 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-02-27 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem. | |||||
| CVE-2023-26768 | 1 Liblouis | 1 Liblouis | 2025-02-26 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. | |||||