Total
13113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3534 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 5.5 MEDIUM |
| A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. | |||||
| CVE-2022-36765 | 1 Tianocore | 1 Edk2 | 2025-11-03 | N/A | 7.0 HIGH |
| EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | |||||
| CVE-2022-36764 | 1 Tianocore | 1 Edk2 | 2025-11-03 | N/A | 7.0 HIGH |
| EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | |||||
| CVE-2022-36763 | 1 Tianocore | 1 Edk2 | 2025-11-03 | N/A | 7.0 HIGH |
| EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | |||||
| CVE-2021-38575 | 2 Insyde, Tianocore | 2 Kernel, Edk2 | 2025-11-03 | 6.8 MEDIUM | 8.1 HIGH |
| NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | |||||
| CVE-2021-30499 | 2 Fedoraproject, Libcaca Project | 2 Fedora, Libcaca | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. | |||||
| CVE-2025-62594 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | N/A | 4.7 MEDIUM |
| ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8. | |||||
| CVE-2025-9185 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-03 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. | |||||
| CVE-2025-9179 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-03 | N/A | 9.8 CRITICAL |
| An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. | |||||
| CVE-2025-43287 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.1 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory. | |||||
| CVE-2025-10537 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-03 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. | |||||
| CVE-2014-5407 | 1 Schneider-electric | 1 Vampset | 2025-11-03 | 4.1 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. | |||||
| CVE-2025-20053 | 2025-11-03 | N/A | 7.2 HIGH | ||
| Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-11715 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-03 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | |||||
| CVE-2025-11714 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-03 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | |||||
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-11-03 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | |||||
| CVE-2022-22706 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-11-03 | 4.6 MEDIUM | 7.8 HIGH |
| Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0. | |||||
| CVE-2020-36855 | 1 Offis | 1 Dcmtk | 2025-10-31 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component. | |||||
| CVE-2025-8851 | 1 Libtiff | 1 Libtiff | 2025-10-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-12322 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-30 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||