Total
6464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37325 | 1 Sangoma | 1 Asterisk | 2025-04-24 | N/A | 7.5 HIGH |
| In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. | |||||
| CVE-2024-20104 | 5 Google, Linuxfoundation, Mediatek and 2 more | 24 Android, Yocto, Mt6781 and 21 more | 2025-04-24 | N/A | 8.4 HIGH |
| In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772. | |||||
| CVE-2022-45283 | 1 Gpac | 1 Gpac | 2025-04-24 | N/A | 7.8 HIGH |
| GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c. | |||||
| CVE-2022-1304 | 3 E2fsprogs Project, Fedoraproject, Redhat | 3 E2fsprogs, Fedora, Enterprise Linux | 2025-04-23 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. | |||||
| CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2025-04-23 | 9.0 HIGH | 8.8 HIGH |
| The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | |||||
| CVE-2022-40657 | 1 Nikon | 1 Nis-elements Viewer | 2025-04-23 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. Crafted data in a PSD file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15073. | |||||
| CVE-2023-4504 | 3 Debian, Fedoraproject, Openprinting | 4 Debian Linux, Fedora, Cups and 1 more | 2025-04-23 | N/A | 7.0 HIGH |
| Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | |||||
| CVE-2023-49356 | 1 Glensawyer | 1 Mp3gain | 2025-04-23 | N/A | 7.5 HIGH |
| A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. | |||||
| CVE-2023-2598 | 1 Linux | 1 Linux Kernel | 2025-04-23 | N/A | 7.8 HIGH |
| A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation. | |||||
| CVE-2022-44931 | 1 Tenda | 2 A18, A18 Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. | |||||
| CVE-2025-3679 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-45525 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. | |||||
| CVE-2022-45524 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. | |||||
| CVE-2022-45523 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. | |||||
| CVE-2022-45522 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. | |||||
| CVE-2022-45521 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. | |||||
| CVE-2022-45520 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. | |||||
| CVE-2022-45519 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. | |||||
| CVE-2022-45518 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. | |||||
| CVE-2022-45517 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. | |||||