Total
14522 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1352 | 1 Elfutils Project | 1 Elfutils | 2025-11-03 | 5 Medium |
| A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-2357 | 1 Offis | 1 Dcmtk | 2025-11-03 | 6.3 Medium |
| A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 3239a7915. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2022-3534 | 1 Linux | 1 Linux Kernel | 2025-11-03 | 5.5 Medium |
| A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. | ||||
| CVE-2022-36765 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2025-11-03 | 7 High |
| EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||||
| CVE-2022-36764 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2025-11-03 | 7 High |
| EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||||
| CVE-2022-36763 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2025-11-03 | 7 High |
| EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||||
| CVE-2021-38575 | 3 Insyde, Redhat, Tianocore | 5 Kernel, Enterprise Linux, Rhel Eus and 2 more | 2025-11-03 | 8.1 High |
| NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | ||||
| CVE-2021-30499 | 2 Fedoraproject, Libcaca Project | 2 Fedora, Libcaca | 2025-11-03 | 7.8 High |
| A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. | ||||
| CVE-2020-36023 | 1 Freedesktop | 1 Poppler | 2025-11-03 | 6.5 Medium |
| An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. | ||||
| CVE-2025-62594 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 4.7 Medium |
| ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8. | ||||
| CVE-2014-5407 | 1 Schneider-electric | 1 Vampset | 2025-11-03 | N/A |
| Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. | ||||
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-11-03 | 8.8 High |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | ||||
| CVE-2022-22706 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-11-03 | 7.8 High |
| Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0. | ||||
| CVE-2020-36855 | 2 Dicom, Offis | 2 Dcmtk, Dcmtk | 2025-10-31 | 5.3 Medium |
| A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component. | ||||
| CVE-2025-8851 | 1 Libtiff | 1 Libtiff | 2025-10-30 | 5.3 Medium |
| A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2023-36794 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2025-10-30 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-6603 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-10-30 | 7.4 High |
| In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||||
| CVE-2021-31979 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-10-29 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2019-1214 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 13 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | ||||
| CVE-2020-0796 | 1 Microsoft | 4 Windows 10 1903, Windows 10 1909, Windows Server 1903 and 1 more | 2025-10-29 | 10.0 Critical |
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | ||||