Total
13899 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25709 | 1 Qualcomm | 136 Ar8035, Ar8035 Firmware, Qca6174a and 133 more | 2025-03-05 | 8.4 High |
| Memory corruption in modem due to use of out of range pointer offset while processing qmi msg | ||||
| CVE-2025-1895 | 1 Tenda | 2 Tx3, Tx3 Firmware | 2025-03-05 | 6.5 Medium |
| A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0840 | 1 Gnu | 1 Binutils | 2025-03-04 | 5 Medium |
| A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component. | ||||
| CVE-2025-1788 | 2025-03-03 | 5.3 Medium | ||
| A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-1786 | 2025-03-03 | 5.3 Medium | ||
| A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-8573 | 1 Totolink | 6 Ac1200 T10 Firmware, Ac1200 T8 Firmware, T10 and 3 more | 2025-03-03 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1179 | 1 Gnu | 1 Binutils | 2025-03-03 | 5 Medium |
| A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases". | ||||
| CVE-2025-1866 | 2025-03-03 | 8.0 High | ||
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform. By default, the affected code is not executed unless one of the following conditions is met: LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake. LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake. Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior. | ||||
| CVE-2025-0870 | 1 Axiosys | 1 Bento4 | 2025-02-28 | 5.6 Medium |
| A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2025-0751 | 1 Axiosys | 1 Bento4 | 2025-02-28 | 6.3 Medium |
| A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0753 | 1 Axiosys | 1 Bento4 | 2025-02-28 | 6.3 Medium |
| A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-3549 | 1 Gnu | 1 Binutils | 2025-02-28 | 7.1 High |
| An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | ||||
| CVE-2023-28549 | 1 Qualcomm | 450 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 447 more | 2025-02-27 | 7.8 High |
| Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. | ||||
| CVE-2023-28581 | 1 Qualcomm | 52 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 49 more | 2025-02-27 | 9.8 Critical |
| Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE. | ||||
| CVE-2023-4967 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-02-27 | 8.2 High |
| Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server | ||||
| CVE-2023-27403 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348) | ||||
| CVE-2023-22881 | 1 Zoom | 1 Zoom | 2025-02-26 | 6.5 Medium |
| Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | ||||
| CVE-2023-22882 | 1 Zoom | 1 Zoom | 2025-02-26 | 6.5 Medium |
| Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | ||||
| CVE-2022-34412 | 1 Dell | 160 C4130, C4130 Firmware, C4140 and 157 more | 2025-02-26 | 7.5 High |
| Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | ||||
| CVE-2022-34406 | 1 Dell | 160 C4130, C4130 Firmware, C4140 and 157 more | 2025-02-26 | 7.5 High |
| Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | ||||