Search Results (14528 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5842 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
CVE-2023-37328 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 8.8 High
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994.
CVE-2024-0444 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 8.8 High
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
CVE-2019-9928 3 Canonical, Debian, Gstreamer 3 Ubuntu Linux, Debian Linux, Gstreamer 2026-03-17 N/A
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
CVE-2023-44429 2 Gstreamer, Redhat 3 Gstreamer, Enterprise Linux, Rhel Eus 2026-03-17 8.8 High
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226.
CVE-2016-9447 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-03-17 N/A
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVE-2023-37329 1 Gstreamer 1 Gstreamer 2026-03-17 8.8 High
GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968.
CVE-2025-27243 1 Intel 13 Ethernet Controller, Ethernet Controller E810, Ethernet Network Adapter E810-2cqda2 and 10 more 2026-03-17 6 Medium
Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2025-54820 1 Fortinet 1 Fortimanager 2026-03-12 7 High
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
CVE-2025-36920 1 Google 1 Android 2026-03-12 8.4 High
In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-41766 2 Mbs, Mbs-solutions 7 Ubr-01 Mk Ii, Ubr-02, Ubr-lon and 4 more 2026-03-11 8.8 High
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
CVE-2025-70241 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.
CVE-2025-70240 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
CVE-2025-70239 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
CVE-2025-70237 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
CVE-2025-70234 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2026-03-09 7.5 High
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.
CVE-2025-47373 1 Qualcomm 377 Ar8035, Ar8035 Firmware, Cologne and 374 more 2026-03-09 7.8 High
Memory Corruption when accessing buffers with invalid length during TA invocation.
CVE-2025-32313 1 Google 1 Android 2026-03-06 8.4 High
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-54330 2 Inbit, Yahoo 2 Inbit Messenger, Messenger 2026-03-05 9.8 Critical
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems.
CVE-2023-54329 2 Inbit, Yahoo 2 Inbit Messenger, Messenger 2026-03-05 9.8 Critical
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload to trigger the vulnerability and execute commands with system privileges.