Total
3841 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21664 | 1 Qualcomm | 274 Aqt1000, Aqt1000 Firmware, Ar8035 and 271 more | 2025-02-27 | 7.8 High |
| Memory Corruption in Core Platform while printing the response buffer in log. | ||||
| CVE-2023-28544 | 1 Qualcomm | 412 Aqt1000, Aqt1000 Firmware, Ar9380 and 409 more | 2025-02-27 | 7.8 High |
| Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. | ||||
| CVE-2023-28559 | 1 Qualcomm | 426 Aqt1000, Aqt1000 Firmware, Ar8031 and 423 more | 2025-02-27 | 7.8 High |
| Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload. | ||||
| CVE-2023-28560 | 1 Qualcomm | 534 8098, 8098 Firmware, 8998 and 531 more | 2025-02-27 | 7.8 High |
| Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. | ||||
| CVE-2023-28562 | 1 Qualcomm | 136 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 133 more | 2025-02-27 | 9.8 Critical |
| Memory corruption while handling payloads from remote ESL. | ||||
| CVE-2023-22384 | 1 Qualcomm | 18 Qca6574au, Qca6574au Firmware, Qca6696 and 15 more | 2025-02-27 | 6.7 Medium |
| Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ). | ||||
| CVE-2023-47610 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2025-02-27 | 8.1 High |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message. | ||||
| CVE-2024-53379 | 2025-02-27 | 7.5 High | ||
| Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message. | ||||
| CVE-2020-27507 | 1 Kamailio | 1 Kamailio | 2025-02-27 | 9.8 Critical |
| The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. | ||||
| CVE-2023-50821 | 1 Siemens | 3 Simatic Pcs 7, Simatic Wincc, Simatic Wincc Runtime Professional | 2025-02-26 | 6.2 Medium |
| A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. | ||||
| CVE-2023-26767 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2025-02-26 | 7.5 High |
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. | ||||
| CVE-2023-26769 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2025-02-26 | 7.5 High |
| Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. | ||||
| CVE-2023-26768 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2025-02-26 | 7.5 High |
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. | ||||
| CVE-2023-27585 | 1 Teluu | 1 Pjsip | 2025-02-25 | 7.5 High |
| PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead. | ||||
| CVE-2023-27590 | 1 Rizin | 1 Rizin | 2025-02-25 | 7.8 High |
| Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands. | ||||
| CVE-2023-28116 | 1 Contiki-ng | 1 Contiki-ng | 2025-02-25 | 8.1 High |
| Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger then the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually. | ||||
| CVE-2024-2614 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-02-25 | 8.8 High |
| Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2024-3120 | 1 Irontec | 1 Sngrep | 2025-02-21 | 9 Critical |
| A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages. | ||||
| CVE-2025-25474 | 2025-02-20 | 6.5 Medium | ||
| DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h. | ||||
| CVE-2025-25472 | 2025-02-20 | 5.3 Medium | ||
| A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. | ||||