Search Results (4683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-37457 2 Digium, Sangoma 2 Asterisk, Certified Asterisk 2025-02-13 7.5 High
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
CVE-2023-3725 1 Zephyrproject 1 Zephyr 2025-02-13 7.6 High
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
CVE-2023-37211 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2025-02-13 8.8 High
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVE-2023-34832 1 Tp-link 2 Archer Ax10, Archer Ax10 Firmware 2025-02-13 9.8 Critical
TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.
CVE-2023-32379 1 Apple 1 Macos 2025-02-13 7.8 High
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-23085 1 Freebsd 1 Freebsd 2025-02-13 9.8 Critical
A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
CVE-2023-26733 1 Tinytiff Project 1 Tinytiff 2025-02-13 7.8 High
Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.
CVE-2024-34905 2 Cloudwise, Flyfish 2 Flyfish, Flyfish 2025-02-13 7.5 High
FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-24192 1 Robertdavidgraham 1 Robdns 2025-02-13 2.7 Low
robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.
CVE-2025-0303 1 Openatom 1 Openharmony 2025-02-12 8.8 High
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.
CVE-2023-21504 1 Samsung 1 Android 2025-02-12 5.6 Medium
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
CVE-2023-21503 1 Samsung 2 Android, Exynos 2025-02-12 5.6 Medium
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
CVE-2023-22915 1 Zyxel 24 Usg 20w-vpn, Usg 20w-vpn Firmware, Usg Flex 100 and 21 more 2025-02-12 7.5 High
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.
CVE-2023-21494 1 Samsung 2 Android, Exynos 2025-02-12 5.6 Medium
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
CVE-2023-22917 1 Zyxel 36 Atp100, Atp100 Firmware, Atp100w and 33 more 2025-02-12 7.5 High
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.
CVE-2024-50664 1 Gpac 1 Gpac 2025-02-11 7.8 High
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.
CVE-2020-24736 2 Ghost, Redhat 3 Sqlite3, Enterprise Linux, Rhel Eus 2025-02-11 5.5 Medium
Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.
CVE-2023-0977 3 Linux, Microsoft, Trellix 3 Linux Kernel, Windows, Agent 2025-02-11 6.7 Medium
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
CVE-2022-47336 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-02-10 5.5 Medium
In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.
CVE-2022-47335 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-02-10 5.5 Medium
In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.