132 matches found
Kenwood DMX958XR Stack Buffer Overflow Vulnerability
The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a stack buffer overflow vulnerability that stems from JKRadioService not properly validating the length of user-supplied data, which can be exploited by an attacker to execute code in the root...
CLSA-2025-1755113613 bluez: Fix of 2 CVEs
CVE-2023-50229: fix heap-based buffer overflow vulnerability in handling Phone Book Access profile by adding proper validation of user-supplied data length before copying to buffer - CVE-2023-50230: fix heap-based buffer overflow vulnerability in Phone Book Access profile to prevent arbitrary...
CVE-2025-8653
Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific...
VulnCheck KEV: CVE-2025-0286
Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine...
CVE-2019-2307
Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150...
Luxion KeyShot Viewer 安全漏洞
Luxion KeyShot Viewer is a free, standalone desktop application from Luxion Corporation. A security vulnerability exists in Luxion KeyShot Viewer that stems from a failure to validate the length of user data when parsing KSP files, which could lead to a heap buffer overflow and remote code...
PT-2025-13009 · Silicon · Gecko Os
Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The issue stems from...
CVE-2025-2019
Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the targ...
Delta Electronics CNCSoft-G2 安全漏洞
Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that originates from insufficient validation of user-supplied data lengths, which can be exploited by an attacker to...
Silicon Gecko OS 安全漏洞
Silicon Gecko OS is a highly optimized but feature-rich IoT operating system from Silicon, Inc. A security vulnerability exists in Silicon Gecko OS that stems from a missing data length validation of the httpdownload command...
AutomationDirect C-More EA9 Programming Software 安全漏洞
AutomationDirect C-More EA9 Programming Software is a programming software from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect C-More EA9 Programming Software that stems from a lack of proper validation of the length of user-supplied data when parsing an EAP9 file,...
CVE-2024-11510
IrfanView WBZ plugin WB1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must...
CVE-2024-9741 Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabilit...
Nikon NEF Codec 安全漏洞
Nikon NEF Codec is a codec module from Nikon Japan. A security vulnerability exists in Nikon NEF Codec that originates from the failure to properly validate the length of user-supplied data before copying it to a heap-based buffer. An attacker could exploit the vulnerability to execute arbitrary...
PT-2024-39809 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required, where the target...
kernel: virtio-net: Add validation for used length
A vulnerability was found in the Linux kernel’s virtio-net driver, where the system does not properly validate the length of data provided by an untrusted device. This lack of validation could lead to data corruption if the length of the data is incorrect or maliciously crafted...
SUSE CVE-2024-7543
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
PT-2024-28706 · Delta Electronics · Cncsoft-G2
Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-G2 affected versions not specified Description: The issue is related to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This can be exploited ...
SAMSUNG Mobile Processor Security Vulnerability
SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor that stems from not properly checking the length of data, which could result in a denial of service...
(Pwn2Own) Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results...