Total
3106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45708 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex parameter in the formDelPortMapping function. | |||||
| CVE-2022-45707 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsHijack function. | |||||
| CVE-2022-45706 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the hostname parameter in the formSetNetCheckTools function. | |||||
| CVE-2022-45721 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function. | |||||
| CVE-2022-45720 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function. | |||||
| CVE-2022-45719 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function. | |||||
| CVE-2022-45718 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formIPMacBindAdd function. | |||||
| CVE-2022-45716 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function. | |||||
| CVE-2022-45715 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function. | |||||
| CVE-2022-45714 | 1 Ip-com | 2 M50, M50 Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formQOSRuleDel function. | |||||
| CVE-2025-28395 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-04-15 | N/A | 7.1 HIGH |
| D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. | |||||
| CVE-2025-28398 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-04-15 | N/A | 7.1 HIGH |
| D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. | |||||
| CVE-2022-49754 | 1 Linux | 1 Linux Kernel | 2025-04-14 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix a buffer overflow in mgmt_mesh_add() Smatch Warning: net/bluetooth/mgmt_util.c:375 mgmt_mesh_add() error: __memcpy() 'mesh_tx->param' too small (48 vs 50) Analysis: 'mesh_tx->param' is array of size 48. This is the destination. u8 param[sizeof(struct mgmt_cp_mesh_send) + 29]; // 19 + 29 = 48. But in the caller 'mesh_send' we reject only when len > 50. len > (MGMT_MESH_SEND_SIZE + 31) // 19 + 31 = 50. | |||||
| CVE-2022-47949 | 1 Nintendo | 9 Animal Crossing\, Arms, Mario Kart 7 and 6 more | 2025-04-14 | N/A | 9.8 CRITICAL |
| The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022. | |||||
| CVE-2022-4172 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2025-04-14 | N/A | 6.5 MEDIUM |
| An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. | |||||
| CVE-2024-52531 | 2025-04-14 | N/A | 6.5 MEDIUM | ||
| GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response). | |||||
| CVE-2024-24479 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-04-14 | N/A | 7.5 HIGH |
| A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. | |||||
| CVE-2014-1509 | 5 Canonical, Mozilla, Opensuse and 2 more | 16 Ubuntu Linux, Firefox, Firefox Esr and 13 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. | |||||
| CVE-2016-9033 | 1 Joyent | 1 Smartos | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
| An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9035. | |||||
| CVE-2016-4002 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. | |||||