Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6111 | 1 Tenda | 2 Fh1205, Fh1205 Firmware | 2025-06-17 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6110 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-06-17 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-50671 | 1 Aertherwide | 1 Exiftags | 2025-06-17 | N/A | 7.8 HIGH |
| In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. | |||||
| CVE-2020-13878 | 1 Irfanview | 1 B3d | 2025-06-17 | N/A | 9.8 CRITICAL |
| IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | |||||
| CVE-2023-32877 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-17 | N/A | 6.7 MEDIUM |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | |||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-17 | N/A | 9.8 CRITICAL |
| Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-20002 | 2 Google, Mediatek | 59 Android, Mt5583, Mt5586 and 56 more | 2025-06-17 | N/A | 6.7 MEDIUM |
| In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. | |||||
| CVE-2025-43593 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-43590 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-43558 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-32887 | 1 Mediatek | 38 Mt2735, Mt6813, Mt6833 and 35 more | 2025-06-16 | N/A | 7.5 HIGH |
| In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). | |||||
| CVE-2023-49427 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-06-16 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. | |||||
| CVE-2023-38610 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | N/A | 7.1 HIGH |
| A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2023-51960 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-16 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | |||||
| CVE-2024-21780 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2025-06-16 | N/A | 7.5 HIGH |
| Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported. | |||||
| CVE-2024-22562 | 1 Swftools | 1 Swftools | 2025-06-16 | N/A | 7.8 HIGH |
| swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | |||||
| CVE-2023-51968 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-16 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. | |||||
| CVE-2023-51889 | 1 Ctan | 1 Mathtex | 2025-06-16 | N/A | 9.8 CRITICAL |
| Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. | |||||
| CVE-2025-25050 | 2025-06-13 | N/A | 8.8 HIGH | ||
| An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability. | |||||
| CVE-2025-6035 | 2025-06-13 | N/A | 6.6 MEDIUM | ||
| A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios. | |||||