Total
3128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25474 | 2025-02-20 | N/A | 6.5 MEDIUM | ||
| DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h. | |||||
| CVE-2025-25472 | 2025-02-20 | N/A | 5.3 MEDIUM | ||
| A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. | |||||
| CVE-2023-46271 | 2025-02-20 | N/A | 9.8 CRITICAL | ||
| Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default. | |||||
| CVE-2025-1368 | 2025-02-18 | 1.4 LOW | 2.3 LOW | ||
| A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePath leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-1367 | 2025-02-18 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6351 | 2025-02-18 | N/A | 4.3 MEDIUM | ||
| A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert | |||||
| CVE-2023-28508 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2025-02-18 | N/A | 8.8 HIGH |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process. | |||||
| CVE-2023-28502 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2025-02-18 | N/A | 9.8 CRITICAL |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user. | |||||
| CVE-2020-19692 | 1 Nginx | 1 Njs | 2025-02-18 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. | |||||
| CVE-2025-25530 | 2025-02-18 | N/A | 9.8 CRITICAL | ||
| Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | |||||
| CVE-2024-50282 | 1 Linux | 1 Linux Kernel | 2025-02-18 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K. (cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434) | |||||
| CVE-2024-50090 | 1 Linux | 1 Linux Kernel | 2025-02-18 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at each call it appends a MI_BATCH_BUFFER_END, printing the warning below and then overflowing. [ 381.072016] ------------[ cut here ]------------ [ 381.072019] xe 0000:00:02.0: [drm] Assertion `bb->len * 4 + bb_prefetch(q->gt) <= size` failed! platform: LUNARLAKE subplatform: 1 graphics: Xe2_LPG / Xe2_HPG 20.04 step B0 media: Xe2_LPM / Xe2_HPM 20.00 step B0 tile: 0 VRAM 0 B GT: 0 type 1 So here checking if batch buffer already have MI_BATCH_BUFFER_END if not append it. v2: - simply fix, suggestion from Ashutosh (cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a) | |||||
| CVE-2023-28506 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2025-02-18 | N/A | 8.8 HIGH |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit. | |||||
| CVE-2023-28505 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2025-02-18 | N/A | 8.8 HIGH |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit. | |||||
| CVE-2023-28504 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2025-02-18 | N/A | 9.8 CRITICAL |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user. | |||||
| CVE-2023-39454 | 1 Elecom | 6 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 3 more | 2025-02-17 | N/A | 9.8 CRITICAL |
| Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. | |||||
| CVE-2025-1372 | 2025-02-17 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-1365 | 2025-02-17 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2020-19695 | 1 Nginx | 1 Njs | 2025-02-14 | N/A | 9.8 CRITICAL |
| Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. | |||||
| CVE-2019-11043 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2025-02-14 | 7.5 HIGH | 8.7 HIGH |
| In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | |||||