Total
2602 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28639 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. | |||||
| CVE-2022-42444 | 3 Ibm, Linux, Microsoft | 4 Aix, App Connect Enterprise, Linux Kernel and 1 more | 2025-03-25 | N/A | 6.5 MEDIUM |
| IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538. | |||||
| CVE-2024-24418 | 1 Linuxfoundation | 1 Magma | 2025-03-24 | N/A | 7.5 HIGH |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
| CVE-2021-4207 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2025-03-21 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
| CVE-2021-4206 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2025-03-21 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
| CVE-2011-0213 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-03-20 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file. | |||||
| CVE-2024-46596 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-20 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2023-32423 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-20 | N/A | 6.5 MEDIUM |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. | |||||
| CVE-2024-46553 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-19 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46561 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-19 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2022-24350 | 1 Insyde | 1 Insydeh2o | 2025-03-19 | N/A | 5.5 MEDIUM |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function is called directly on the Command Buffer before the DataSize is check, leading to possible circumstances where the data immediately following the command buffer could be destroyed before returning a buffer size error. | |||||
| CVE-2024-46591 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-19 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46594 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-19 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-34727 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.5 HIGH |
| In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-46597 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-19 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46589 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-19 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46564 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-19 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46558 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-24419 | 1 Linuxfoundation | 1 Magma | 2025-03-18 | N/A | 7.5 HIGH |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
| CVE-2024-46566 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||