Total
1845 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54484 | 1 Libbiosig Project | 1 Libbiosig | 2025-09-02 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6: else if (tag==6) // 0x06 "number of sequences" { // NRec if (len>4) fprintf(stderr,"Warning MFER tag6 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr); | |||||
| CVE-2025-54483 | 1 Libbiosig Project | 1 Libbiosig | 2025-09-02 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5: else if (tag==5) //0x05: number of channels { uint16_t oldNS=hdr->NS; if (len>4) fprintf(stderr,"Warning MFER tag5 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr); | |||||
| CVE-2025-54482 | 1 Libbiosig Project | 1 Libbiosig | 2025-09-02 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4: else if (tag==4) { // SPR if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr); | |||||
| CVE-2025-54481 | 1 Libbiosig Project | 1 Libbiosig | 2025-09-02 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3: else if (tag==3) { // character code char v[17]; // [1] if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len); curPos += ifread(&v,1,len,hdr); v[len] = 0; In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path. | |||||
| CVE-2025-54480 | 1 Libbiosig Project | 1 Libbiosig | 2025-09-02 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0: if (tag==0) { if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len); curPos += ifread(buf,1,len,hdr); } | |||||
| CVE-2023-38581 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-09-02 | N/A | 8.8 HIGH |
| Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-34165 | 2025-09-02 | N/A | N/A | ||
| A stack-based buffer overflow vulnerability in NetSupport ManagerĀ 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory. | |||||
| CVE-2009-20009 | 2025-09-02 | N/A | N/A | ||
| Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication. | |||||
| CVE-2009-20008 | 2025-09-02 | N/A | N/A | ||
| Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution. | |||||
| CVE-2011-10032 | 2025-09-02 | N/A | N/A | ||
| Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts. | |||||
| CVE-2025-9526 | 2025-08-29 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function setSysAdm of the file /goform/setSysAdm. Such manipulation of the argument rm_port leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9525 | 2025-08-29 | 9.0 HIGH | 8.8 HIGH | ||
| A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function setWan of the file /goform/setWan. This manipulation of the argument DeviceName/lanIp causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9527 | 2025-08-29 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-37003 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-08-27 | N/A | 7.8 HIGH |
| A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23934 | 2025-08-26 | N/A | 8.8 HIGH | ||
| Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. . Was ZDI-CAN-22994. | |||||
| CVE-2024-23933 | 2025-08-26 | N/A | 6.8 MEDIUM | ||
| Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238 | |||||
| CVE-2024-23138 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2025-08-26 | N/A | 7.8 HIGH |
| A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23126 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-08-26 | N/A | 7.8 HIGH |
| A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23125 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-08-26 | N/A | 7.8 HIGH |
| A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-46411 | 1 Libbiosig Project | 1 Libbiosig | 2025-08-26 | N/A | 8.1 HIGH |
| A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||