Total
13324 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40485 | 1 Nemetschek | 1 Cinema 4d | 2025-05-27 | N/A | 7.8 HIGH |
| Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21433. | |||||
| CVE-2023-49417 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
| TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. | |||||
| CVE-2022-40869 | 1 Tendacn | 4 Ac15, Ac15 Firmware, Ac18 and 1 more | 2025-05-27 | N/A | 9.8 CRITICAL |
| Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). | |||||
| CVE-2022-40865 | 1 Tendacn | 4 Ac15, Ac15 Firmware, Ac18 and 1 more | 2025-05-27 | N/A | 9.8 CRITICAL |
| Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/ | |||||
| CVE-2022-37235 | 1 Netgear | 2 R7000, R7000 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat | |||||
| CVE-2022-37234 | 1 Netgear | 2 R7000, R7000 Firmware | 2025-05-27 | N/A | 7.8 HIGH |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | |||||
| CVE-2022-31937 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
| Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. | |||||
| CVE-2025-4810 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-05-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4809 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-05-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-40151 | 1 Xstream | 1 Xstream | 2025-05-23 | N/A | 6.5 MEDIUM |
| Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | |||||
| CVE-2022-40152 | 2 Fasterxml, Xstream | 2 Woodstox, Xstream | 2025-05-23 | N/A | 6.5 MEDIUM |
| Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | |||||
| CVE-2022-35096 | 1 Swftools | 1 Swftools | 2025-05-23 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | |||||
| CVE-2022-35095 | 1 Swftools | 1 Swftools | 2025-05-23 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. | |||||
| CVE-2022-35094 | 1 Swftools | 1 Swftools | 2025-05-23 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | |||||
| CVE-2022-35093 | 1 Swftools | 1 Swftools | 2025-05-23 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. | |||||
| CVE-2025-4788 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-05-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component DELETE Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4789 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-05-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component LCD Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4790 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-05-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component GLOB Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4791 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-05-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-36761 | 1 Gfx-rs | 2 Naga, Wgpu | 2025-05-23 | N/A | 9.8 CRITICAL |
| naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. | |||||