Export limit exceeded: 345193 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45459 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43051 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21442 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21442 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50208 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21441. | ||||
| CVE-2023-50210 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21662. | ||||
| CVE-2023-50211 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21663. | ||||
| CVE-2023-1170 | 1 Vim | 1 Vim | 2025-03-07 | 6.6 Medium |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. | ||||
| CVE-2023-22421 | 1 Jtekt | 1 Kostac Plc Programming Software | 2025-03-07 | 7.8 High |
| Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | ||||
| CVE-2023-22754 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 8.1 High |
| There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22755 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 8.1 High |
| There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22756 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 8.1 High |
| There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22757 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 8.1 High |
| There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-0656 | 1 Sonicwall | 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more | 2025-03-07 | 7.5 High |
| A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | ||||
| CVE-2022-47664 | 1 Struktur | 1 Libde265 | 2025-03-07 | 7.8 High |
| Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse | ||||
| CVE-2023-20633 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6735 and 22 more | 2025-03-06 | 6.7 Medium |
| In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508. | ||||
| CVE-2023-20624 | 2 Google, Mediatek | 16 Android, Mt6789, Mt6833 and 13 more | 2025-03-06 | 6.7 Medium |
| In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530. | ||||
| CVE-2023-34058 | 5 Debian, Fedoraproject, Microsoft and 2 more | 10 Debian Linux, Fedora, Windows and 7 more | 2025-03-06 | 7.1 High |
| VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | ||||
| CVE-2023-22419 | 1 Jtekt | 1 Kostac Plc Programming Software | 2025-03-06 | 7.8 High |
| Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | ||||
| CVE-2025-0848 | 1 Tenda | 2 A18, A18 Firmware | 2025-03-06 | 6.5 Medium |
| A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-0193 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-03-05 | 4.4 Medium |
| NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. | ||||
| CVE-2022-33256 | 1 Qualcomm | 130 Ar8035, Ar8035 Firmware, Qca6390 and 127 more | 2025-03-05 | 9.8 Critical |
| Memory corruption due to improper validation of array index in Multi-mode call processor. | ||||
| CVE-2023-29419 | 1 Bzip3 Project | 1 Bzip3 | 2025-03-05 | 6.5 Medium |
| An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. | ||||
| CVE-2023-29418 | 1 Bzip3 Project | 1 Bzip3 | 2025-03-05 | 6.5 Medium |
| An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. | ||||