Total
12910 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1594 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7055 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | ||||
| CVE-2025-4841 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-03 | 8.8 High |
| A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-2146 | 1 Canon | 74 I-sensys Lbp233dw, I-sensys Lbp233dw Firmware, I-sensys Lbp236dw and 71 more | 2025-06-03 | 9.8 Critical |
| Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe. | ||||
| CVE-2024-22087 | 1 Alekseykurepin | 1 Pico Http Server In C | 2025-06-03 | 9.8 Critical |
| route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. | ||||
| CVE-2023-51971 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. | ||||
| CVE-2023-51964 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | ||||
| CVE-2023-51956 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv | ||||
| CVE-2023-51954 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. | ||||
| CVE-2023-50585 | 1 Tenda | 2 A18, A18 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | ||||
| CVE-2023-37644 | 1 Swftools | 1 Swftools | 2025-06-03 | 5.5 Medium |
| SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. | ||||
| CVE-2023-32886 | 1 Mediatek | 47 Mt2735, Mt6813, Mt6833 and 44 more | 2025-06-03 | 7.5 High |
| In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | ||||
| CVE-2023-32883 | 2 Google, Mediatek | 57 Android, Mt2713, Mt6580 and 54 more | 2025-06-03 | 6.7 Medium |
| In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249. | ||||
| CVE-2023-32872 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-03 | 6.7 Medium |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. | ||||
| CVE-2023-33030 | 1 Qualcomm | 596 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 593 more | 2025-06-03 | 9.3 Critical |
| Memory corruption in HLOS while running playready use-case. | ||||
| CVE-2023-37282 | 1 Tonybybell | 1 Gtkwave | 2025-06-03 | 7.8 High |
| An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | ||||
| CVE-2023-37416 | 1 Tonybybell | 1 Gtkwave | 2025-06-03 | 7.8 High |
| Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI's legacy VCD parsing code. | ||||
| CVE-2023-37297 | 1 Ami | 1 Megarac Sp-x | 2025-06-03 | 8.3 High |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2024-21594 | 1 Juniper | 1 Junos | 2025-06-03 | 5.5 Medium |
| A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. | ||||
| CVE-2024-27344 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | 7.8 High |
| Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22931. | ||||