Total
13536 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42396 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-04-01 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18278. | ||||
| CVE-2022-42377 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-04-01 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18630. | ||||
| CVE-2024-26335 | 1 Swftools | 1 Swftools | 2025-04-01 | 5.5 Medium |
| swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c. | ||||
| CVE-2024-9403 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-03-31 | 7.3 High |
| Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. | ||||
| CVE-2022-42418 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-03-31 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18677. | ||||
| CVE-2024-23257 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-27 | 3.3 Low |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory. | ||||
| CVE-2022-48303 | 3 Fedoraproject, Gnu, Redhat | 4 Fedora, Tar, Enterprise Linux and 1 more | 2025-03-27 | 5.5 Medium |
| GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. | ||||
| CVE-2024-0153 | 1 Arm | 2 5th Gen Gpu Architecture Firmware, Valhall Gpu Firmware | 2025-03-27 | 7.8 High |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0. | ||||
| CVE-2024-1553 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-03-27 | 8.1 High |
| Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | ||||
| CVE-2021-37519 | 1 Memcached | 1 Memcached | 2025-03-26 | 5.5 Medium |
| Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file. | ||||
| CVE-2023-0637 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2025-03-26 | 6.5 Medium |
| A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. | ||||
| CVE-2025-2618 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 9.8 Critical |
| A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-2619 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 9.8 Critical |
| A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-2620 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 9.8 Critical |
| A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-2621 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 9.8 Critical |
| A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2022-34376 | 1 Dell | 160 C4130, C4130 Firmware, C4140 and 157 more | 2025-03-26 | 3.9 Low |
| Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | ||||
| CVE-2022-34377 | 1 Dell | 160 C4130, C4130 Firmware, C4140 and 157 more | 2025-03-26 | 1.9 Low |
| Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | ||||
| CVE-2023-20605 | 2 Google, Mediatek | 51 Android, Mt6580, Mt6731 and 48 more | 2025-03-26 | 4.4 Medium |
| In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104. | ||||
| CVE-2022-43762 | 1 Br-automation | 1 Industrial Automation Aprol | 2025-03-25 | 7.5 High |
| Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages | ||||
| CVE-2023-3889 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2025-03-24 | 7.8 High |
| A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory. | ||||