Total
3613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29022 | 1 Openrazer Project | 1 Openrazer | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device. | |||||
| CVE-2022-29021 | 1 Openrazer Project | 1 Openrazer | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device. | |||||
| CVE-2021-36051 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. | |||||
| CVE-2019-11043 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2025-11-03 | 7.5 HIGH | 8.7 HIGH |
| In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | |||||
| CVE-2025-9962 | 2025-11-03 | N/A | N/A | ||
| A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2. | |||||
| CVE-2025-43370 | 1 Apple | 1 Xcode | 2025-11-03 | N/A | 4.0 MEDIUM |
| A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | |||||
| CVE-2022-34973 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-11-03 | N/A | 7.5 HIGH |
| D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. | |||||
| CVE-2025-7345 | 2025-11-03 | N/A | 7.5 HIGH | ||
| A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. | |||||
| CVE-2025-41707 | 2025-11-03 | N/A | 5.3 MEDIUM | ||
| The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality. | |||||
| CVE-2025-41706 | 2025-11-03 | N/A | 5.3 MEDIUM | ||
| The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality. | |||||
| CVE-2022-39377 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2025-11-03 | N/A | 7.0 HIGH |
| sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | |||||
| CVE-2021-30481 | 1 Valvesoftware | 1 Steam Client | 2025-11-03 | 6.0 MEDIUM | 8.0 HIGH |
| Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | |||||
| CVE-2020-5135 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2025-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2025-12322 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-30 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-33131 | 2025-10-30 | N/A | 6.5 MEDIUM | ||
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. | |||||
| CVE-2025-12142 | 2025-10-30 | N/A | 6.1 MEDIUM | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33. | |||||
| CVE-2023-22745 | 1 Tpm2 Software Stack Project | 1 Tpm2 Software Stack | 2025-10-29 | N/A | 6.4 MEDIUM |
| tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. | |||||
| CVE-2025-60340 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters. | |||||
| CVE-2025-20333 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-10-28 | N/A | 9.9 CRITICAL |
| A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device. | |||||
| CVE-2025-60548 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 9.8 CRITICAL |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. | |||||