Total
13122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9019 | 2025-08-15 | 2.6 LOW | 3.1 LOW | ||
| A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2." | |||||
| CVE-2025-9023 | 2025-08-15 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8810 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2016-8596 | 1 Libcsp | 1 Libcsp | 2025-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet. | |||||
| CVE-2016-8598 | 1 Libcsp | 1 Libcsp | 2025-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet. | |||||
| CVE-2016-8597 | 1 Libcsp | 1 Libcsp | 2025-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets. | |||||
| CVE-2025-8958 | 2025-08-14 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-20053 | 2025-08-13 | N/A | 7.2 HIGH | ||
| Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-21096 | 2025-08-13 | N/A | 1.9 LOW | ||
| Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-8760 | 2025-08-13 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely. | |||||
| CVE-2025-1215 | 2 Netapp, Vim | 2 Bootstrap Os, Vim | 2025-08-13 | 1.7 LOW | 2.8 LOW |
| A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component. | |||||
| CVE-2023-51608 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-13 | N/A | 7.8 HIGH |
| Kofax Power PDF J2K File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21833. | |||||
| CVE-2025-1095 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Personal Communications, Linux Kernel and 1 more | 2025-08-13 | N/A | 8.8 HIGH |
| IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. | |||||
| CVE-2025-8816 | 2025-08-12 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8822 | 2025-08-12 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8817 | 2025-08-12 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8824 | 2025-08-12 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8820 | 2025-08-12 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8819 | 2025-08-12 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11611 | 1 Automationdirect | 18 C-more Ea9-rhmi, C-more Ea9-rhmi Firmware, C-more Ea9-t10cl and 15 more | 2025-08-12 | N/A | 7.8 HIGH |
| AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24774. | |||||