Total
3829 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40241 | 1 Xfig Project | 1 Xfig | 2025-05-07 | 9.8 Critical |
| xfig 3.2.7 is vulnerable to Buffer Overflow. | ||||
| CVE-2024-26327 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2025-05-07 | 5.3 Medium |
| An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. | ||||
| CVE-2025-28018 | 1 Totolink | 2 A800r, A800r Firmware | 2025-05-06 | 7.3 High |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | ||||
| CVE-2025-28019 | 1 Totolink | 2 A800r, A800r Firmware | 2025-05-06 | 7.3 High |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component | ||||
| CVE-2025-28020 | 1 Totolink | 2 A800r, A800r Firmware | 2025-05-06 | 7.3 High |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | ||||
| CVE-2025-28021 | 1 Totolink | 2 A810r, A810r Firmware | 2025-05-06 | 7.3 High |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters | ||||
| CVE-2025-28022 | 1 Totolink | 2 A810r, A810r Firmware | 2025-05-06 | 7.3 High |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | ||||
| CVE-2025-28025 | 1 Totolink | 8 A3000ru, A3000ru Firmware, A3100r and 5 more | 2025-05-06 | 7.3 High |
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | ||||
| CVE-2025-28028 | 1 Totolink | 8 A3000ru, A3000ru Firmware, A3100r and 5 more | 2025-05-06 | 7.3 High |
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. | ||||
| CVE-2022-43752 | 2 Common Desktop Environment Project, Oracle | 2 Common Desktop Environment, Solaris | 2025-05-06 | 7.8 High |
| Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon. | ||||
| CVE-2025-28220 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-05-06 | 7.5 High |
| Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request. | ||||
| CVE-2022-32941 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | 9.8 Critical |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution. | ||||
| CVE-2023-52346 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | 4.4 Medium |
| In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed | ||||
| CVE-2024-50839 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters. | ||||
| CVE-2024-50840 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter. | ||||
| CVE-2024-50838 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters. | ||||
| CVE-2024-25165 | 1 Swftools | 1 Swftools | 2025-05-05 | 7.8 High |
| A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. | ||||
| CVE-2022-23219 | 4 Debian, Gnu, Oracle and 1 more | 9 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 6 more | 2025-05-05 | 9.8 Critical |
| The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | ||||
| CVE-2022-23218 | 4 Debian, Gnu, Oracle and 1 more | 5 Debian Linux, Glibc, Communications Cloud Native Core Unified Data Repository and 2 more | 2025-05-05 | 9.8 Critical |
| The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | ||||
| CVE-2021-38111 | 1 Defcon | 2 Def Con 27, Def Con 27 Firmware | 2025-05-05 | 8.8 High |
| The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol. | ||||