Total
3926 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23093 | 1 Freebsd | 1 Freebsd | 2025-06-04 | 6.5 Medium |
| ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur. | ||||
| CVE-2025-4844 | 1 Freefloat | 1 Ftp Server | 2025-06-04 | 7.3 High |
| A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4845 | 1 Freefloat | 1 Ftp Server | 2025-06-04 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TRACE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4847 | 1 Freefloat | 1 Ftp Server | 2025-06-04 | 7.3 High |
| A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component MLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4848 | 1 Freefloat | 1 Ftp Server | 2025-06-04 | 7.3 High |
| A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-36650 | 1 Totolink | 2 A3100r, A3100r Firmware | 2025-06-04 | 7.5 High |
| TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack. | ||||
| CVE-2024-52711 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-06-04 | 5.7 Medium |
| DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip parameter. | ||||
| CVE-2024-50305 | 2 Apache, Apache Software Foundation | 2 Traffic Server, Apache Traffic Server | 2025-06-04 | 7.5 High |
| Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. | ||||
| CVE-2022-25708 | 1 Qualcomm | 34 Sd888 5g, Sd888 5g Firmware, Sd 8 Gen1 5g Firmware and 31 more | 2025-06-04 | 9.8 Critical |
| Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile | ||||
| CVE-2024-23621 | 1 Ibm | 1 Merge Efilm Workstation | 2025-06-03 | 10 Critical |
| A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | ||||
| CVE-2025-5156 | 1 H3c | 2 Gr-5400ax, Gr-5400ax Firmware | 2025-06-03 | 8.8 High |
| A vulnerability was found in H3C GR-5400AX up to 100R008 and classified as critical. Affected by this issue is the function EditWlanMacList of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-32228 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.6 Medium |
| FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | ||||
| CVE-2023-49556 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | ||||
| CVE-2023-33030 | 1 Qualcomm | 596 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 593 more | 2025-06-03 | 9.3 Critical |
| Memory corruption in HLOS while running playready use-case. | ||||
| CVE-2023-45044 | 1 Qnap | 2 Qts, Quts Hero | 2025-06-03 | 3.8 Low |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later | ||||
| CVE-2022-48620 | 1 Troglobit | 1 Libeuv | 2025-06-03 | 9.8 Critical |
| uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. | ||||
| CVE-2025-5408 | 2025-06-02 | 9.8 Critical | ||
| A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2011-10005 | 1 Easyftp Server Project | 1 Easyftp Server | 2025-06-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716. | ||||
| CVE-2024-22419 | 1 Vyperlang | 1 Vyper | 2025-06-02 | 7.3 High |
| Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in 0.4.0. | ||||
| CVE-2023-43815 | 1 Deltaww | 1 Dopsoft | 2025-06-02 | 7.1 High |
| A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. | ||||