Total
721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5463 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2025-08-01 | N/A | 6.5 MEDIUM |
| A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500. | |||||
| CVE-2025-0689 | 1 Gnu | 1 Grub2 | 2025-07-31 | N/A | 6.4 MEDIUM |
| When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections. | |||||
| CVE-2025-8177 | 2025-07-29 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-33302 | 1 Fortinet | 2 Fortimail, Fortindr | 2025-07-23 | N/A | 4.7 MEDIUM |
| A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2025-29480 | 1 Osgeo | 1 Gdal | 2025-07-23 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced. | |||||
| CVE-2025-21426 | 1 Qualcomm | 20 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon Ar1 Gen 1 Platform and 17 more | 2025-07-21 | N/A | 6.6 MEDIUM |
| Memory corruption while processing camera TPG write request. | |||||
| CVE-2025-46789 | 2025-07-15 | N/A | 6.5 MEDIUM | ||
| Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access. | |||||
| CVE-2025-49464 | 2025-07-15 | N/A | 6.5 MEDIUM | ||
| Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access. | |||||
| CVE-2025-24004 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | N/A | 5.2 MEDIUM |
| A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog. | |||||
| CVE-2025-48386 | 2025-07-10 | N/A | 6.3 MEDIUM | ||
| Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1. | |||||
| CVE-2024-47248 | 1 Apache | 1 Nimble | 2025-07-08 | N/A | 6.3 MEDIUM |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | |||||
| CVE-2025-50641 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 6.5 MEDIUM |
| Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId. | |||||
| CVE-2024-31670 | 1 Rizin | 1 Rizin | 2025-07-02 | N/A | 6.3 MEDIUM |
| rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. | |||||
| CVE-2024-46657 | 1 Artifex | 1 Mupdf | 2025-07-01 | N/A | 5.5 MEDIUM |
| Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2023-28904 | 2025-06-30 | N/A | 5.2 MEDIUM | ||
| A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process. | |||||
| CVE-2013-1424 | 2025-06-30 | N/A | 5.6 MEDIUM | ||
| Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. | |||||
| CVE-2025-41418 | 2025-06-30 | N/A | 5.3 MEDIUM | ||
| Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request. | |||||
| CVE-2024-25580 | 1 Qt | 1 Qt | 2025-06-30 | N/A | 6.2 MEDIUM |
| An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. | |||||
| CVE-2024-57184 | 1 Gpac | 1 Gpac | 2025-06-27 | N/A | 5.5 MEDIUM |
| An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file. | |||||
| CVE-2025-1367 | 1 Escanav | 1 Escan Anti-virus | 2025-06-27 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | |||||