Total
6875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0802 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2025-03-26 | 9.3 HIGH | 7.8 HIGH |
| Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812. | |||||
| CVE-2024-22273 | 2 Apple, Vmware | 5 Macos, Cloud Foundation, Esxi and 2 more | 2025-03-26 | N/A | 8.1 HIGH |
| The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. | |||||
| CVE-2022-25480 | 1 Realtek | 2 Rtsper, Rtsuer | 2025-03-25 | N/A | 7.8 HIGH |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP. | |||||
| CVE-2024-29012 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2025-03-25 | N/A | 7.5 HIGH |
| Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. | |||||
| CVE-2024-58069 | 1 Linux | 1 Linux Kernel | 2025-03-25 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client uses a buffer size less than 4 bytes, regmap_read will write out of bounds as it expects the buffer to point at an unsigned int. Fix this by using an intermediary unsigned int to hold the value. | |||||
| CVE-2024-40724 | 1 Assimp | 1 Assimp | 2025-03-25 | N/A | 7.8 HIGH |
| Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product. | |||||
| CVE-2024-45782 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift Container Platform | 2025-03-25 | N/A | 7.8 HIGH |
| A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass. | |||||
| CVE-2023-24347 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. | |||||
| CVE-2023-24346 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. | |||||
| CVE-2023-24345 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus. | |||||
| CVE-2023-24344 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. | |||||
| CVE-2023-24343 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. | |||||
| CVE-2025-27598 | 1 Sixlabors | 1 Imagesharp | 2025-03-24 | N/A | 7.5 HIGH |
| ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10. | |||||
| CVE-2024-32901 | 1 Google | 1 Android | 2025-03-24 | N/A | 7.8 HIGH |
| In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-41311 | 2 Debian, Struktur | 2 Debian Linux, Libheif | 2025-03-24 | N/A | 8.1 HIGH |
| In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. | |||||
| CVE-2025-0349 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-03-22 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-2173 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-21 | N/A | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-22345 | 1 Jtekt | 1 Screen Creator Advance 2 | 2025-03-21 | N/A | 7.8 HIGH |
| Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
| CVE-2023-20945 | 1 Google | 1 Android | 2025-03-21 | N/A | 7.8 HIGH |
| In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269 | |||||
| CVE-2023-52159 | 2 Bizdelnick, Debian | 2 Gross, Debian Linux | 2025-03-20 | N/A | 7.5 HIGH |
| A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry. | |||||