Total
3927 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40994 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no firmwall keyword WORD description (WORD|null)' command template. | ||||
| CVE-2022-40993 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'firmwall keyword WORD description (WORD|null)' command template. | ||||
| CVE-2022-40992 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no firmwall domain WORD description (WORD|null)' command template. | ||||
| CVE-2022-40991 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'firmwall domain WORD description (WORD|null)' command template. | ||||
| CVE-2022-40990 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no bandwidth WORD dlrate <1-9999> dlceil <1-9999> ulrate <1-9999> ulceil <1-9999> priority (highest|high|normal|low|lowest)' command template. | ||||
| CVE-2022-40989 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'bandwidth WORD dlrate <1-9999> dlceil <1-9999> ulrate <1-9999> ulceil <1-9999> priority (highest|high|normal|low|lowest)' command template. | ||||
| CVE-2022-40988 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'ipv6 static dns WORD WORD WORD' command template. | ||||
| CVE-2022-40987 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the '(ddns1|ddns2) username WORD password CODE' command template. | ||||
| CVE-2022-40986 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the '(ddns1|ddns2) mx WORD' command template. | ||||
| CVE-2022-40985 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-11-04 | 9.8 Critical |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the '(ddns1|ddns2) hostname WORD' command template. | ||||
| CVE-2022-3786 | 4 Fedoraproject, Nodejs, Openssl and 1 more | 4 Fedora, Node.js, Openssl and 1 more | 2025-11-04 | 7.5 High |
| A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | ||||
| CVE-2020-9063 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2025-11-04 | 7.6 High |
| NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. | ||||
| CVE-2025-1365 | 1 Elfutils Project | 1 Elfutils | 2025-11-04 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-28219 | 3 Debian, Python, Redhat | 6 Debian Linux, Pillow, Ansible Automation Platform and 3 more | 2025-11-04 | 6.7 Medium |
| In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | ||||
| CVE-2024-25580 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2025-11-04 | 6.2 Medium |
| An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. | ||||
| CVE-2024-25395 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 8.8 High |
| A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | ||||
| CVE-2024-25394 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 4.3 Medium |
| A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. | ||||
| CVE-2024-24479 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-11-04 | 7.5 High |
| A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. | ||||
| CVE-2024-23286 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | 9.8 Critical |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution. | ||||
| CVE-2023-6175 | 1 Wireshark | 1 Wireshark | 2025-11-04 | 7.8 High |
| NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file | ||||