Total
12866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26208 | 1 Jhead Project | 1 Jhead | 2025-05-05 | 5.3 Medium |
| JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue. | ||||
| CVE-2020-10828 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-05-05 | 9.8 Critical |
| A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | ||||
| CVE-2020-10827 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-05-05 | 9.8 Critical |
| A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | ||||
| CVE-2020-10825 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-05-05 | 9.8 Critical |
| A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). | ||||
| CVE-2020-10824 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-05-05 | 9.8 Critical |
| A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). | ||||
| CVE-2020-10823 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-05-05 | 9.8 Critical |
| A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). | ||||
| CVE-2019-8246 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-05-05 | 9.8 Critical |
| Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | ||||
| CVE-2024-4323 | 1 Treasuredata | 1 Fluent Bit | 2025-05-05 | 9.8 Critical |
| A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution. | ||||
| CVE-2024-38065 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-05 | 6.8 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-38032 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2025-05-05 | 7.1 High |
| Microsoft Xbox Remote Code Execution Vulnerability | ||||
| CVE-2024-38060 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-05 | 8.8 High |
| Windows Imaging Component Remote Code Execution Vulnerability | ||||
| CVE-2024-38054 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-05 | 7.8 High |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38051 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-05 | 7.8 High |
| Windows Graphics Component Remote Code Execution Vulnerability | ||||
| CVE-2024-38025 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-05 | 7.2 High |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | ||||
| CVE-2023-4355 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | 8.8 High |
| Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-4354 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-35788 | 5 Canonical, Debian, Linux and 2 more | 20 Ubuntu Linux, Debian Linux, Linux Kernel and 17 more | 2025-05-05 | 7.8 High |
| An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. | ||||
| CVE-2023-34417 | 1 Mozilla | 1 Firefox | 2025-05-05 | 9.8 Critical |
| Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114. | ||||
| CVE-2023-2934 | 1 Google | 1 Chrome | 2025-05-05 | 8.8 High |
| Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-2929 | 1 Google | 1 Chrome | 2025-05-05 | 8.8 High |
| Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||