Total
12427 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1330 | 1 Ibm | 1 Cics Tx | 2025-05-10 | 7.8 High |
| IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function. | ||||
| CVE-2025-1329 | 1 Ibm | 1 Cics Tx | 2025-05-10 | 7.8 High |
| IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function. | ||||
| CVE-2025-4029 | 1 Fabian | 1 Personal Diary Management System | 2025-05-10 | 5.3 Medium |
| A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record Handler. The manipulation of the argument filename leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4038 | 1 Fabian | 1 Train Ticket Reservation System | 2025-05-10 | 5.3 Medium |
| A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3725 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-05-09 | 6.3 Medium |
| Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2021-26937 | 4 Debian, Fedoraproject, Gnu and 1 more | 7 Debian Linux, Fedora, Screen and 4 more | 2025-05-09 | 9.8 Critical |
| encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | ||||
| CVE-2024-58099 | 1 Linux | 1 Linux Kernel | 2025-05-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as IPIP and transmits the packet out the same interface, then in case of vmxnet3 a corrupted packet is being sent and subsequently dropped on the path. vmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp() through vmxnet3_xdp_xmit_back() calculates an incorrect DMA address: page = virt_to_page(xdpf->data); tbi->dma_addr = page_pool_get_dma_addr(page) + VMXNET3_XDP_HEADROOM; dma_sync_single_for_device(&adapter->pdev->dev, tbi->dma_addr, buf_size, DMA_TO_DEVICE); The above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP BPF program could have moved xdp->data. While the passed buf_size is correct (xdpf->len), the dma_addr needs to have a dynamic offset which can be calculated as xdpf->data - (void *)xdpf, that is, xdp->data - xdp->data_hard_start. | ||||
| CVE-2025-4061 | 1 Fabian | 1 Clothing Store Management System | 2025-05-09 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4062 | 1 Fabian | 1 Theater Seat Booking System | 2025-05-09 | 5.3 Medium |
| A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4063 | 1 Fabian | 1 Student Information Management System | 2025-05-09 | 5.3 Medium |
| A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Affected by this issue is the function cancel. The manipulation of the argument first_name/last_name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46585 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 7.5 High |
| Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-45563 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | 6.6 Medium |
| Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session. | ||||
| CVE-2022-33185 | 1 Broadcom | 1 Fabric Operating System | 2025-05-09 | 7.8 High |
| Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | ||||
| CVE-2024-45577 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | 7.8 High |
| Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. | ||||
| CVE-2025-27132 | 1 Openatom | 1 Openharmony | 2025-05-09 | 3.8 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2024-45581 | 1 Qualcomm | 60 Mdm9628, Mdm9628 Firmware, Qam8295p and 57 more | 2025-05-09 | 6.6 Medium |
| Memory corruption while sound model registration for voice activation with audio kernel driver. | ||||
| CVE-2024-45579 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | 7.8 High |
| Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check. | ||||
| CVE-2024-49835 | 1 Qualcomm | 424 Aqt1000, Aqt1000 Firmware, Ar8035 and 421 more | 2025-05-09 | 7.8 High |
| Memory corruption while reading secure file. | ||||
| CVE-2024-49844 | 1 Qualcomm | 362 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 359 more | 2025-05-09 | 7.8 High |
| Memory corruption while triggering commands in the PlayReady Trusted application. | ||||
| CVE-2024-49845 | 1 Qualcomm | 292 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 289 more | 2025-05-09 | 7.8 High |
| Memory corruption during the FRS UDS generation process. | ||||