Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27225 | 1 Google | 1 Android | 2025-04-03 | N/A | 4.4 MEDIUM |
| In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-25984 | 1 Google | 1 Android | 2025-04-03 | N/A | 6.2 MEDIUM |
| In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-29032 | 1 Tendacn | 2 Ac9, Ac9 Firmware | 2025-04-03 | N/A | 5.9 MEDIUM |
| Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function. | |||||
| CVE-2024-35400 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 5.3 MEDIUM |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules | |||||
| CVE-2024-10559 | 1 Razormist | 1 Airport Booking Management System | 2025-04-03 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function Details. The manipulation of the argument passport/name leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2023-33302 | 2025-04-01 | N/A | 4.7 MEDIUM | ||
| A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2024-28759 | 2025-03-28 | N/A | 4.3 MEDIUM | ||
| A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09. | |||||
| CVE-2024-28564 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format. | |||||
| CVE-2024-28565 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format. | |||||
| CVE-2024-28570 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format. | |||||
| CVE-2024-28576 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format. | |||||
| CVE-2021-45429 | 1 Virustotal | 1 Yara | 2025-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. | |||||
| CVE-2023-42757 | 2025-03-26 | N/A | 4.2 MEDIUM | ||
| Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur through an issue in wcscat_s error handling. | |||||
| CVE-2022-42444 | 3 Ibm, Linux, Microsoft | 4 Aix, App Connect Enterprise, Linux Kernel and 1 more | 2025-03-25 | N/A | 4.9 MEDIUM |
| IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538. | |||||
| CVE-2024-56557 | 1 Linux | 1 Linux Kernel | 2025-03-24 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). | |||||
| CVE-2024-53192 | 1 Linux | 1 Linux Kernel | 2025-03-24 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Flexible-array member `hws` in `struct clk_hw_onecell_data` is annotated with the `counted_by()` attribute. This means that when memory is allocated for this array, the _counter_, which in this case is member `num` in the flexible structure, should be set to the maximum number of elements the flexible array can contain, or fewer. In this case, the total number of elements for the flexible array is determined by variable `clks_num` when allocating heap space via `devm_kzalloc()`, as shown below: 289 struct loongson2_clk_provider *clp; ... 296 for (p = data; p->name; p++) 297 clks_num++; 298 299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num), 300 GFP_KERNEL); So, `clp->clk_data.num` should be set to `clks_num` or less, and not exceed `clks_num`, as is currently the case. Otherwise, if data is written into `clp->clk_data.hws[clks_num]`, the instrumentation provided by the compiler won't detect the overflow, leading to a memory corruption bug at runtime. Fix this issue by setting `clp->clk_data.num` to `clks_num`. | |||||
| CVE-2024-26889 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-21 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. | |||||
| CVE-2023-32423 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-20 | N/A | 6.5 MEDIUM |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. | |||||
| CVE-2024-44866 | 2025-03-19 | N/A | 6.8 MEDIUM | ||
| A buffer overflow in the GuitarPro1::read function of MuseScore Studio v4.3.2 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via opening a crafted GuitarPro file. | |||||
| CVE-2022-24350 | 1 Insyde | 1 Insydeh2o | 2025-03-19 | N/A | 5.5 MEDIUM |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege. | |||||