Total
152 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-66216 | 2025-12-01 | N/A | N/A | ||
| AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64. | |||||
| CVE-2025-61661 | 2025-11-19 | N/A | 4.8 MEDIUM | ||
| A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited. | |||||
| CVE-2025-33126 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2 High Performance Unload Load, Linux On Ibm Z and 2 more | 2025-11-05 | N/A | 6.5 MEDIUM |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size. | |||||
| CVE-2025-27053 | 1 Qualcomm | 638 215 Mobile Platform, 215 Mobile Platform Firmware, 315 5g Iot Modem and 635 more | 2025-11-05 | N/A | 7.8 HIGH |
| Memory corruption during PlayReady APP usecase while processing TA commands. | |||||
| CVE-2025-27074 | 1 Qualcomm | 190 Apq8064au, Apq8064au Firmware, Csr8811 and 187 more | 2025-11-05 | N/A | 8.8 HIGH |
| Memory corruption while processing a GP command response. | |||||
| CVE-2024-23606 | 2 Fedoraproject, Libbiosig Project | 2 Fedora, Libbiosig | 2025-11-04 | N/A | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-42259 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritten in a clearer and more understandable form. [Joonas: Add Requires: tag] Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset") (cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417) | |||||
| CVE-2025-1861 | 2 Netapp, Php | 2 Ontap, Php | 2025-11-03 | N/A | 9.8 CRITICAL |
| In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location. | |||||
| CVE-2023-1175 | 1 Vim | 1 Vim | 2025-11-03 | N/A | 6.6 MEDIUM |
| Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | |||||
| CVE-2025-57807 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | N/A | 3.8 LOW |
| ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2. | |||||
| CVE-2022-39377 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2025-11-03 | N/A | 7.0 HIGH |
| sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | |||||
| CVE-2020-17087 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1803 and 12 more | 2025-10-29 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Local Elevation of Privilege Vulnerability | |||||
| CVE-2023-52557 | 1 Openbsd | 1 Openbsd | 2025-10-10 | N/A | 7.5 HIGH |
| In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length. | |||||
| CVE-2023-52558 | 1 Openbsd | 1 Openbsd | 2025-10-10 | N/A | 7.5 HIGH |
| In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences. | |||||
| CVE-2024-46729 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop [WHY] fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is lager than the array size. [HOW] Divide byte size 20 by its element size. This fixes 2 OVERRUN issues reported by Coverity. | |||||
| CVE-2025-27042 | 1 Qualcomm | 688 215 Mobile, 215 Mobile Firmware, 315 5g Iot Modem and 685 more | 2025-09-25 | N/A | 7.8 HIGH |
| Memory corruption while processing video packets received from video firmware. | |||||
| CVE-2024-8361 | 2025-09-16 | N/A | 7.5 HIGH | ||
| In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not implemented, device can be recovered only after a hard reset | |||||
| CVE-2025-30334 | 1 Openbsd | 1 Openbsd | 2025-09-05 | N/A | 6.5 MEDIUM |
| In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash. | |||||
| CVE-2024-49776 | 1 Justdan96 | 1 Tsmuxer | 2025-09-05 | N/A | 6.5 MEDIUM |
| A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file. | |||||
| CVE-2025-55297 | 2025-08-22 | N/A | N/A | ||
| ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9. | |||||