Export limit exceeded: 20655 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20655 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9063 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2025-11-04 | 7.6 High |
| NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. | ||||
| CVE-2020-25687 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2025-11-04 | 5.9 Medium |
| A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-25683 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2025-11-04 | 5.9 Medium |
| A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-25682 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2025-11-04 | 8.1 High |
| A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-25681 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2025-11-04 | 8.1 High |
| A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2025-1365 | 1 Elfutils Project | 1 Elfutils | 2025-11-04 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-3159 | 1 Google | 1 Chrome | 2025-11-04 | 8.8 High |
| Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3156 | 1 Google | 1 Chrome | 2025-11-04 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-28219 | 3 Debian, Python, Redhat | 6 Debian Linux, Pillow, Ansible Automation Platform and 3 more | 2025-11-04 | 6.7 Medium |
| In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | ||||
| CVE-2024-26593 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-11-04 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read. | ||||
| CVE-2024-25580 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2025-11-04 | 6.2 Medium |
| An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. | ||||
| CVE-2024-25395 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 8.8 High |
| A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | ||||
| CVE-2024-25394 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 4.3 Medium |
| A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. | ||||
| CVE-2024-25393 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 9.8 Critical |
| A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. | ||||
| CVE-2024-25392 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 5.9 Medium |
| An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. | ||||
| CVE-2024-25391 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 8.4 High |
| A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. | ||||
| CVE-2024-25390 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 8.4 High |
| A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. | ||||
| CVE-2024-24479 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-11-04 | 7.5 High |
| A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. | ||||
| CVE-2024-24476 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-11-04 | 7.5 High |
| A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. | ||||
| CVE-2024-24335 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 8.4 High |
| A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. | ||||