Search Results (45922 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35268 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2025-12-02 6.7 Medium
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
CVE-2023-3341 4 Debian, Fedoraproject, Isc and 1 more 9 Debian Linux, Fedora, Bind and 6 more 2025-12-02 7.5 High
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
CVE-2023-2603 4 Debian, Fedoraproject, Libcap Project and 1 more 5 Debian Linux, Fedora, Libcap and 2 more 2025-12-02 7.8 High
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
CVE-2022-4904 3 C-ares Project, Fedoraproject, Redhat 6 C-ares, Fedora, Enterprise Linux and 3 more 2025-12-02 8.6 High
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
CVE-2022-30789 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30786 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-43666 2 Arm, Debian 2 Mbed Tls, Debian Linux 2025-12-02 7.5 High
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
CVE-2021-3999 4 Debian, Gnu, Netapp and 1 more 16 Debian Linux, Glibc, E-series Performance Analyzer and 13 more 2025-12-02 7.8 High
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVE-2021-39263 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
CVE-2021-39262 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
CVE-2025-51735 1 Hcltech 1 Unica 2025-12-02 7.5 High
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVE-2025-52666 2 Revive, Revive-adserver 2 Adserver, Revive Adserver 2025-12-02 N/A
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
CVE-2025-33194 1 Nvidia 3 Dgx, Dgx Os, Dgx Spark 2025-12-02 5.7 Medium
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.
CVE-2025-62608 1 Ml-explore 1 Mlx 2025-12-02 9.1 Critical
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue has been patched in version 0.29.4.
CVE-2025-36149 1 Ibm 1 Concert 2025-12-02 6.3 Medium
IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim.
CVE-2024-52059 1 Rti 1 Connext Professional 2025-12-02 7.8 High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17.
CVE-2025-13547 2 D-link, Dlink 6 Dir-822, Dwr-920, Dir-822k and 3 more 2025-12-02 8.8 High
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
CVE-2025-13549 2 D-link, Dlink 3 Dir-822, Dir-822k, Dir-822k Firmware 2025-12-02 8.8 High
A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.