Total
2202 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27168 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-03-31 | N/A | 7.8 HIGH |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-48906 | 2025-03-28 | N/A | 4.3 MEDIUM | ||
| Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function. | |||||
| CVE-2025-29121 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-03-28 | N/A | 7.5 HIGH |
| A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow. | |||||
| CVE-2024-28563 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 5.9 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format. | |||||
| CVE-2024-28566 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 8.4 HIGH |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format. | |||||
| CVE-2024-28567 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format. | |||||
| CVE-2024-28568 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format. | |||||
| CVE-2024-28573 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format. | |||||
| CVE-2024-28574 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format. | |||||
| CVE-2024-28575 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format. | |||||
| CVE-2024-28580 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 8.4 HIGH |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format. | |||||
| CVE-2024-28581 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 8.4 HIGH |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format. | |||||
| CVE-2024-28582 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 8.4 HIGH |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format. | |||||
| CVE-2025-2837 | 2025-03-27 | N/A | 8.8 HIGH | ||
| Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23245. | |||||
| CVE-2025-26336 | 1 Dell | 4 Chassis Management Controller For Poweredge Fx2, Chassis Management Controller For Poweredge Fx2 Firmware, Chassis Management Controller For Poweredge Vrtx and 1 more | 2025-03-27 | N/A | 8.3 HIGH |
| Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | |||||
| CVE-2025-29149 | 1 Tenda | 2 I12, I12 Firmware | 2025-03-27 | N/A | 7.5 HIGH |
| Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. | |||||
| CVE-2024-44551 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | |||||
| CVE-2025-2619 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2620 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2621 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||