Total: 13681 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43839 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-03-27 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16 And replace sprintf with snprintf. Detected using the static analysis tool - Svace. | |||||
| CVE-2018-25211 | 1 Alloksoft | 1 Video Splitter | 2026-03-27 | N/A | 7.8 HIGH |
| Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked. | |||||
| CVE-2018-25213 | 1 Nsasoft | 1 Nsauditor | 2026-03-27 | N/A | 8.4 HIGH |
| Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query field to achieve code execution with application privileges. | |||||
| CVE-2018-25214 | 1 Magnetosoft | 1 Megaping | 2026-03-27 | N/A | 6.2 MEDIUM |
| MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into the vulnerable field and trigger the Start button to cause a denial of service crash. | |||||
| CVE-2018-25216 | 1 Powersoftware | 1 Anyburn | 2026-03-27 | N/A | 6.2 MEDIUM |
| AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition. | |||||
| CVE-2018-25217 | 1 Rttsoftware | 1 Pdf Explorer | 2026-03-27 | N/A | 8.4 HIGH |
| PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field. | |||||
| CVE-2020-37140 | 1 Aida64 | 1 Aida64 | 2026-03-27 | N/A | 5.5 MEDIUM |
| Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash. | |||||
| CVE-2019-25631 | 1 Aida64 | 1 Aida64 | 2026-03-27 | N/A | 8.4 HIGH |
| AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges. | |||||
| CVE-2019-25629 | 1 Aida64 | 1 Aida64 | 2026-03-27 | N/A | 8.4 HIGH |
| AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging preferences to overflow the buffer and trigger code execution when the application processes the log file path. | |||||
| CVE-2026-20698 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-26 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2026-33854 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-26 | N/A | 8.8 HIGH |
| Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10. | |||||
| CVE-2023-52356 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-03-26 | N/A | 7.5 HIGH |
| A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | |||||
| CVE-2026-4756 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-03-26 | N/A | 7.8 HIGH |
| Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. | |||||
| CVE-2026-28857 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-03-26 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2026-3849 | 1 Wolfssl | 1 Wolfssl | 2026-03-26 | N/A | 9.8 CRITICAL |
| Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client program crash. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech. | |||||
| CVE-2026-20657 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-26 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination. | |||||
| CVE-2019-25633 | 1 Aida64 | 1 Aida64 | 2026-03-26 | N/A | 8.4 HIGH |
| AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name field and Load from file parameter to trigger the overflow and execute shellcode with application privileges. | |||||
| CVE-2019-25649 | | | 2026-03-26 | N/A | 5.5 MEDIUM |
| River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation Code' field and click 'Activate' to trigger a denial of service condition. | |||||
| CVE-2018-25218 | | | 2026-03-26 | N/A | 8.4 HIGH |
| PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution. | |||||
| CVE-2018-25215 | | | 2026-03-26 | N/A | 5.5 MEDIUM |
| Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data into the registration field to trigger a crash when the Register button is clicked. | |||||
