Total
12749 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51971 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. | ||||
| CVE-2023-51964 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | ||||
| CVE-2023-51956 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv | ||||
| CVE-2023-51954 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. | ||||
| CVE-2023-50585 | 1 Tenda | 2 A18, A18 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | ||||
| CVE-2023-37644 | 1 Swftools | 1 Swftools | 2025-06-03 | 5.5 Medium |
| SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. | ||||
| CVE-2023-32886 | 1 Mediatek | 47 Mt2735, Mt6813, Mt6833 and 44 more | 2025-06-03 | 7.5 High |
| In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | ||||
| CVE-2023-32883 | 2 Google, Mediatek | 57 Android, Mt2713, Mt6580 and 54 more | 2025-06-03 | 6.7 Medium |
| In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249. | ||||
| CVE-2023-32872 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-03 | 6.7 Medium |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. | ||||
| CVE-2023-33030 | 1 Qualcomm | 596 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 593 more | 2025-06-03 | 9.3 Critical |
| Memory corruption in HLOS while running playready use-case. | ||||
| CVE-2023-37282 | 1 Tonybybell | 1 Gtkwave | 2025-06-03 | 7.8 High |
| An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | ||||
| CVE-2023-37416 | 1 Tonybybell | 1 Gtkwave | 2025-06-03 | 7.8 High |
| Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI's legacy VCD parsing code. | ||||
| CVE-2023-37297 | 1 Ami | 1 Megarac Sp-x | 2025-06-03 | 8.3 High |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2024-21594 | 1 Juniper | 1 Junos | 2025-06-03 | 5.5 Medium |
| A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. | ||||
| CVE-2024-27344 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | 7.8 High |
| Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22931. | ||||
| CVE-2023-31030 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-06-03 | 9.3 Critical |
| NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | ||||
| CVE-2023-31024 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-06-03 | 9 Critical |
| NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | ||||
| CVE-2024-0531 | 1 Tenda | 2 A15, A15 Firmware | 2025-06-03 | 7.2 High |
| A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0539 | 1 Tenda | 2 W9, W9 Firmware | 2025-06-03 | 8.8 High |
| A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-27337 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | 7.8 High |
| Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22033. | ||||