Export limit exceeded: 22926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63458 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-11-05 | 7.5 High |
| Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-27064 | 1 Qualcomm | 155 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 152 more | 2025-11-05 | 6.1 Medium |
| Information disclosure while registering commands from clients with diag through diagHal. | ||||
| CVE-2025-47362 | 2 Qnx, Qualcomm | 78 Qnx, Msm8996au, Msm8996au Firmware and 75 more | 2025-11-05 | 6.1 Medium |
| Information disclosure while processing message from client with invalid payload. | ||||
| CVE-2025-54574 | 1 Squid-cache | 1 Squid | 2025-11-05 | 9.3 Critical |
| Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions. | ||||
| CVE-2022-49792 | 1 Linux | 1 Linux Kernel | 2025-11-05 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fix potential array out of bound access Add sentinel at end of maps to avoid potential array out of bound access in iio core. | ||||
| CVE-2025-36092 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-11-05 | 6.5 Medium |
| IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length. | ||||
| CVE-2025-53859 | 2 F5, Nginx | 3 Nginx Open Source, Nginx Plus, Nginx | 2025-11-04 | 3.7 Low |
| NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-34459 | 1 Xmlsoft | 2 Libxml2, Xmllint | 2025-11-04 | 7.5 High |
| An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. | ||||
| CVE-2024-24246 | 2 Fedoraproject, Qpdf Project | 2 Fedora, Qpdf | 2025-11-04 | 5.5 Medium |
| Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h. | ||||
| CVE-2024-22667 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-11-04 | 7.8 High |
| Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. | ||||
| CVE-2024-0911 | 1 Gnu | 1 Indent | 2025-11-04 | 5.5 Medium |
| A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash. | ||||
| CVE-2023-38709 | 7 Apache, Apple, Broadcom and 4 more | 9 Http Server, Macos, Fabric Operating System and 6 more | 2025-11-04 | 7.3 High |
| Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. | ||||
| CVE-2020-0279 | 1 Google | 1 Android | 2025-11-04 | 6.5 Medium |
| In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997 | ||||
| CVE-2019-3728 | 1 Dell | 3 Bsafe Crypto-c, Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite | 2025-11-04 | 7.5 High |
| RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system. | ||||
| CVE-2025-11464 | 2 Ashlar, Ashlar Vellum | 2 Cobalt, Cobalt | 2025-11-04 | 7.8 High |
| Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26628. | ||||
| CVE-2025-25474 | 2 Debian, Offis | 2 Debian Linux, Dcmtk | 2025-11-04 | 6.5 Medium |
| DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h. | ||||
| CVE-2025-25472 | 2 Debian, Offis | 2 Debian Linux, Dcmtk | 2025-11-04 | 5.3 Medium |
| A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. | ||||
| CVE-2025-1372 | 1 Elfutils Project | 1 Elfutils | 2025-11-04 | 5.3 Medium |
| A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2023-44442 | 2 Gimp, Redhat | 7 Gimp, Enterprise Linux, Rhel Aus and 4 more | 2025-11-04 | 7.8 High |
| GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-22094. | ||||
| CVE-2023-44441 | 2 Gimp, Redhat | 3 Gimp, Enterprise Linux, Rhel Eus | 2025-11-04 | 7.8 High |
| GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22093. | ||||