Lucene search
+L

132 matches found

CNVD
CNVD
added 2025/08/18 12:0 a.m.4 views

Kenwood DMX958XR Stack Buffer Overflow Vulnerability

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a stack buffer overflow vulnerability that stems from JKRadioService not properly validating the length of user-supplied data, which can be exploited by an attacker to execute code in the root...

8.8CVSS7.8AI score0.00326EPSS
Exploits0References1
OSV
OSV
added 2025/08/13 7:33 p.m.8 views

CLSA-2025-1755113613 bluez: Fix of 2 CVEs

CVE-2023-50229: fix heap-based buffer overflow vulnerability in handling Phone Book Access profile by adding proper validation of user-supplied data length before copying to buffer - CVE-2023-50230: fix heap-based buffer overflow vulnerability in Phone Book Access profile to prevent arbitrary...

8CVSS7.7AI score0.0229EPSS
Exploits0References1
OSV
OSV
added 2025/08/06 2:15 a.m.3 views

CVE-2025-8653

Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific...

8.8CVSS6.4AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-0286

Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine...

8.4CVSS6.2AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 a.m.5 views

CVE-2019-2307

Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150...

10CVSS7.5AI score0.01621EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.7 views

Luxion KeyShot Viewer 安全漏洞

Luxion KeyShot Viewer is a free, standalone desktop application from Luxion Corporation. A security vulnerability exists in Luxion KeyShot Viewer that stems from a failure to validate the length of user data when parsing KSP files, which could lead to a heap buffer overflow and remote code...

7.8CVSS8.2AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.4 views

PT-2025-13009 · Silicon · Gecko Os

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The issue stems from...

8.8CVSS8AI score0.00474EPSS
Exploits0References9
OSV
OSV
added 2025/03/11 9:15 p.m.4 views

CVE-2025-2019

Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the targ...

7.8CVSS6.2AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.7 views

Delta Electronics CNCSoft-G2 安全漏洞

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that originates from insufficient validation of user-supplied data lengths, which can be exploited by an attacker to...

8.4CVSS7.6AI score0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.6 views

Silicon Gecko OS 安全漏洞

Silicon Gecko OS is a highly optimized but feature-rich IoT operating system from Silicon, Inc. A security vulnerability exists in Silicon Gecko OS that stems from a missing data length validation of the httpdownload command...

8.8CVSS6.5AI score0.00462EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.31 views

AutomationDirect C-More EA9 Programming Software 安全漏洞

AutomationDirect C-More EA9 Programming Software is a programming software from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect C-More EA9 Programming Software that stems from a lack of proper validation of the length of user-supplied data when parsing an EAP9 file,...

7.8CVSS8AI score0.00307EPSS
Exploits0References2
OSV
OSV
added 2024/11/22 9:15 p.m.5 views

CVE-2024-11510

IrfanView WBZ plugin WB1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS6.3AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/22 9:1 p.m.28 views

CVE-2024-9741 Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabilit...

7.8CVSS0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.6 views

Nikon NEF Codec 安全漏洞

Nikon NEF Codec is a codec module from Nikon Japan. A security vulnerability exists in Nikon NEF Codec that originates from the failure to properly validate the length of user-supplied data before copying it to a heap-based buffer. An attacker could exploit the vulnerability to execute arbitrary...

7.8CVSS7.1AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.8 views

PT-2024-39809 · Tungsten Automation · Tungsten Automation Power Pdf

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required, where the target...

7.8CVSS7.1AI score0.00275EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/18 11:46 a.m.5 views

kernel: virtio-net: Add validation for used length

A vulnerability was found in the Linux kernel’s virtio-net driver, where the system does not properly validate the length of data provided by an untrusted device. This lack of validation could lead to data corruption if the length of the data is incorrect or maliciously crafted...

7.8CVSS7.2AI score0.0026EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/08/07 2:54 a.m.4 views

SUSE CVE-2024-7543

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

7.8CVSS7.4AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.11 views

PT-2024-28706 · Delta Electronics · Cncsoft-G2

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-G2 affected versions not specified Description: The issue is related to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This can be exploited ...

8.8CVSS7.1AI score0.00738EPSS
Exploits0References33
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.7 views

SAMSUNG Mobile Processor Security Vulnerability

SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor that stems from not properly checking the length of data, which could result in a denial of service...

7.5CVSS6.7AI score0.00379EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.25 views

(Pwn2Own) Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results...

6.8CVSS7.2AI score0.00755EPSS
Exploits0References1
Rows per page
Query Builder