Export limit exceeded: 44177 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44177 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46292 | 2 Modsecurity, Trustwave | 2 Modsecurity, Modsecurity | 2025-06-17 | 7.5 High |
| A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue). | ||||
| CVE-2024-45184 | 1 Samsung | 36 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 33 more | 2025-06-17 | 6.2 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service. | ||||
| CVE-2024-22912 | 1 Swftools | 1 Swftools | 2025-06-17 | 7.8 High |
| A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | ||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-17 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0213 | 1 Trellix | 1 Agent | 2025-06-17 | 8.2 High |
| A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. | ||||
| CVE-2024-21616 | 1 Juniper | 1 Junos | 2025-06-17 | 7.5 High |
| An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. | ||||
| CVE-2023-41056 | 3 Fedoraproject, Redhat, Redis | 3 Fedora, Enterprise Linux, Redis | 2025-06-17 | 8.1 High |
| Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. | ||||
| CVE-2024-22207 | 1 Smartbear | 1 Swagger Ui | 2025-06-17 | 5.3 Medium |
| fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability. | ||||
| CVE-2025-4215 | 2 Debian, Ublockorigin | 2 Debian Linux, Ublock Origin | 2025-06-17 | 3.1 Low |
| A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.63.3b17 is able to address this issue. The patch is identified as eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to upgrade the affected component. | ||||
| CVE-2025-5001 | 1 Gnu | 1 Pspp | 2025-06-17 | 3.3 Low |
| A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-29243 | 1 Szlbt | 3 Lbt-t300-mini1, Lbt-t300-mini1 Firmware, Lbt-t300-mini Firmware | 2025-06-17 | 9.8 Critical |
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. | ||||
| CVE-2024-29244 | 1 Szlbt | 2 Lbt-t300-mini1, Lbt-t300-mini1 Firmware | 2025-06-17 | 5.3 Medium |
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi. | ||||
| CVE-2024-28756 | 1 Solaredge | 1 Mysolaredge | 2025-06-17 | 5.9 Medium |
| The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server. | ||||
| CVE-2024-29646 | 1 Radare | 1 Radare2 | 2025-06-17 | 9.8 Critical |
| Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields. | ||||
| CVE-2024-35410 | 1 Kanaka | 1 Wac | 2025-06-17 | 6.2 Medium |
| wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file. | ||||
| CVE-2024-35418 | 1 Kanaka | 1 Wac | 2025-06-17 | 6.2 Medium |
| wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file. | ||||
| CVE-2024-35419 | 1 Kanaka | 1 Wac | 2025-06-17 | 5.5 Medium |
| wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file. | ||||
| CVE-2024-35420 | 1 Kanaka | 1 Wac | 2025-06-17 | 6.2 Medium |
| wac commit 385e1 was discovered to contain a heap overflow. | ||||
| CVE-2024-52533 | 4 Debian, Gnome, Netapp and 1 more | 5 Debian Linux, Glib, Active Iq Unified Manager and 2 more | 2025-06-17 | 9.8 Critical |
| gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. | ||||
| CVE-2024-33781 | 2 Csiro, Data61 | 2 Multi-protocol Spdz, Mp-spdz | 2025-06-16 | 7.5 High |
| MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | ||||