Total
14050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50671 | 1 Aertherwide | 1 Exiftags | 2025-06-17 | 7.8 High |
| In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. | ||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-17 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-32877 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-17 | 6.7 Medium |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | ||||
| CVE-2020-13878 | 1 Irfanview | 1 B3d | 2025-06-17 | 9.8 Critical |
| IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | ||||
| CVE-2024-20002 | 2 Google, Mediatek | 59 Android, Mt5583, Mt5586 and 56 more | 2025-06-17 | 6.7 Medium |
| In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. | ||||
| CVE-2023-49427 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-06-16 | 7.5 High |
| Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. | ||||
| CVE-2023-32887 | 1 Mediatek | 38 Mt2735, Mt6813, Mt6833 and 35 more | 2025-06-16 | 7.5 High |
| In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). | ||||
| CVE-2024-22562 | 1 Swftools | 1 Swftools | 2025-06-16 | 7.8 High |
| swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | ||||
| CVE-2024-21780 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2025-06-16 | 7.5 High |
| Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported. | ||||
| CVE-2023-51968 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-16 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. | ||||
| CVE-2023-51960 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-16 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | ||||
| CVE-2023-51889 | 1 Ctan | 1 Mathtex | 2025-06-16 | 9.8 Critical |
| Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. | ||||
| CVE-2024-0992 | 1 Tenda | 2 I6, I6 Firmware | 2025-06-16 | 7.2 High |
| A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as critical. This issue affects the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-33032 | 1 Qualcomm | 234 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 231 more | 2025-06-16 | 9.3 Critical |
| Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | ||||
| CVE-2023-52307 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-06-16 | 8.2 High |
| Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | ||||
| CVE-2024-0533 | 1 Tenda | 2 A15, A15 Firmware | 2025-06-13 | 7.2 High |
| A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2025-06-13 | 9.3 Critical |
| An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | ||||
| CVE-2025-23099 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-13 | 9.1 Critical |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | ||||
| CVE-2023-6779 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Glibc, Enterprise Linux | 2025-06-13 | 8.2 High |
| An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. | ||||
| CVE-2024-48241 | 1 Radare | 1 Radare2 | 2025-06-13 | 5.5 Medium |
| An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. | ||||