Export limit exceeded: 21334 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21334 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3864 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-04-01 | 8.1 High |
| Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||||
| CVE-2024-2608 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-04-01 | 8.4 High |
| `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2024-2607 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-04-01 | 8.1 High |
| Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2024-29943 | 1 Mozilla | 1 Firefox | 2025-04-01 | 9.8 Critical |
| An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. | ||||
| CVE-2025-27833 | 1 Artifex | 1 Ghostscript | 2025-04-01 | 7.8 High |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. | ||||
| CVE-2025-27834 | 1 Artifex | 1 Ghostscript | 2025-04-01 | 7.8 High |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. | ||||
| CVE-2025-26002 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 9.8 Critical |
| Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. | ||||
| CVE-2025-26004 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 9.8 Critical |
| Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns. | ||||
| CVE-2025-26005 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 9.8 Critical |
| Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp. | ||||
| CVE-2025-26006 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 9.8 Critical |
| Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest. | ||||
| CVE-2025-26007 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 9.8 Critical |
| Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi. | ||||
| CVE-2025-26008 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 9.8 Critical |
| In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost. | ||||
| CVE-2025-28361 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 7.5 High |
| Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component. | ||||
| CVE-2025-26011 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 9.8 Critical |
| Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword. | ||||
| CVE-2024-1783 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-04-01 | 9.8 Critical |
| A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-40717 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727. | ||||
| CVE-2022-40718 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728. | ||||
| CVE-2022-41140 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2025-04-01 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796. | ||||
| CVE-2022-42387 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-04-01 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18656. | ||||
| CVE-2022-42388 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-04-01 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18657. | ||||