Total
3120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29361 | 1 Tendacn | 2 Rx3, Rx3 Firmware | 2025-04-02 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-29360 | 1 Tendacn | 2 Rx3, Rx3 Firmware | 2025-04-02 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-29362 | 1 Tendacn | 2 Rx3, Rx3 Firmware | 2025-04-02 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-29363 | 1 Tendacn | 2 Rx3, Rx3 Firmware | 2025-04-02 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2020-5135 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2025-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2024-25196 | 2 Opennav, Openrobotics | 2 Nav2, Robot Operating System | 2025-04-02 | N/A | 3.3 LOW |
| Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file. | |||||
| CVE-2023-52733 | 1 Linux | 1 Linux Kernel | 2025-04-02 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel image are performed. This has changed since commit 2aa14b1ab2c4 ("zstd: import usptream v1.5.2") which includes zstd library commit 6a7ede3dfccb ("Reduce size of dctx by reutilizing dst buffer (#2751)"). Now zstd decompression code might store literal buffer in the unwritten portion of the destination buffer. Since "out_len" is not set, it is considered to be unlimited and hence free to use for optimization needs. On s390 this might corrupt initrd or ipl report which are often placed right after the decompressor buffer. Luckily the size of uncompressed kernel image is already known to the decompressor, so to avoid the problem simply specify it in the "out_len" parameter. | |||||
| CVE-2023-52735 | 1 Linux | 1 Linux Kernel | 2025-04-02 | N/A | 9.1 CRITICAL |
| In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/ | |||||
| CVE-2021-47347 | 1 Linux | 1 Linux Kernel | 2025-04-02 | N/A | 8.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size. | |||||
| CVE-2025-29137 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
| Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE. | |||||
| CVE-2023-33302 | 2025-04-01 | N/A | 4.7 MEDIUM | ||
| A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2024-38576 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow. Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code. This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format. Found by Linux Verification Center (linuxtesting.org) with SVACE. | |||||
| CVE-2024-50667 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
| The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks. | |||||
| CVE-2024-42813 | 1 Trendnet | 2 Tew-752dru, Tew-752dru Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
| In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | |||||
| CVE-2025-27830 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. | |||||
| CVE-2025-27831 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. | |||||
| CVE-2025-27832 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | |||||
| CVE-2025-27833 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. | |||||
| CVE-2025-27834 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. | |||||
| CVE-2025-27835 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. | |||||