Total
1461 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-23388 | 2025-04-11 | N/A | 8.2 HIGH | ||
A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. | |||||
CVE-2025-30298 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-04-11 | N/A | 7.8 HIGH |
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-34095 | 1 Openprinting | 1 Cpdb-libs | 2025-04-10 | N/A | 9.8 CRITICAL |
cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by `fscanf()` and `scanf()` causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of `%s` with `%1023s` in all calls of the `fscanf()` and `scanf()` functions. | |||||
CVE-2025-1163 | 1 Code-projects | 1 Vehicle Parking Management System | 2025-04-10 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. This vulnerability affects the function login of the component Authentication. The manipulation of the argument username leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-28877 | 1 Microdicom | 1 Dicom Viewer | 2025-04-10 | N/A | 8.8 HIGH |
MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability. | |||||
CVE-2025-25634 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-10 | N/A | 6.5 MEDIUM |
A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. | |||||
CVE-2024-41586 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. | |||||
CVE-2024-33835 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function. | |||||
CVE-2025-25679 | 1 Tenda | 2 I12, I12 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. | |||||
CVE-2025-1851 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-04-10 | 9.0 HIGH | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-26688 | 2025-04-09 | N/A | 7.8 HIGH | ||
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-27481 | 2025-04-09 | N/A | 8.8 HIGH | ||
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | |||||
CVE-2025-29988 | 2025-04-09 | N/A | 6.9 MEDIUM | ||
Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | |||||
CVE-2024-44859 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-04-09 | N/A | 8.0 HIGH |
Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`. | |||||
CVE-2025-3161 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-09 | 9.0 HIGH | 8.8 HIGH |
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-20998 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2025-04-09 | N/A | 4.9 MEDIUM |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2024-21054 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2025-04-09 | N/A | 4.9 MEDIUM |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2024-21053 | 2 Netapp, Oracle | 4 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 1 more | 2025-04-09 | N/A | 4.9 MEDIUM |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2022-40517 | 1 Qualcomm | 362 Aqt1000, Aqt1000 Firmware, Ar8031 and 359 more | 2025-04-09 | N/A | 8.4 HIGH |
Memory corruption in core due to stack-based buffer overflow | |||||
CVE-2022-40516 | 1 Qualcomm | 368 Aqt1000, Aqt1000 Firmware, Ar8031 and 365 more | 2025-04-09 | N/A | 8.4 HIGH |
Memory corruption in Core due to stack-based buffer overflow. |