Search

Search Results (363345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-27316 4 Apache, Fedoraproject, Netapp and 1 more 7 Http Server, Fedora, Ontap and 4 more 2025-11-04 7.5 High
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
CVE-2024-26811 1 Linux 1 Linux Kernel 2025-11-04 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validate 3 ipc response that has payload.
CVE-2024-25713 3 Fedoraproject, Ibireme, Yyjson 3 Fedora, Yyjson, Yyjson 2025-11-04 8.6 High
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)
CVE-2024-24246 2 Fedoraproject, Qpdf Project 2 Fedora, Qpdf 2025-11-04 5.5 Medium
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
CVE-2024-22871 2 Clojure, Fedoraproject 2 Clojure, Fedora 2025-11-04 7.5 High
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.
CVE-2024-22667 2 Fedoraproject, Vim 2 Fedora, Vim 2025-11-04 7.8 High
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
CVE-2024-22368 1 Tozt 1 Spreadsheet\ 2025-11-04 5.5 Medium
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.
CVE-2024-0911 1 Gnu 1 Indent 2025-11-04 5.5 Medium
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
CVE-2023-52339 1 Matroska 1 Libebml 2025-11-04 6.5 Medium
In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.
CVE-2023-52161 1 Intel 1 Inet Wireless Daemon 2025-11-04 7.5 High
The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
CVE-2023-51764 3 Fedoraproject, Postfix, Redhat 3 Fedora, Postfix, Enterprise Linux 2025-11-04 5.3 Medium
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.
CVE-2023-51257 1 Jasper Project 1 Jasper 2025-11-04 7.8 High
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
CVE-2023-50967 3 Fedoraproject, Latchset, Redhat 3 Fedora, Jose, Enterprise Linux 2025-11-04 7.5 High
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVE-2023-50471 2 Davegamble, Redhat 3 Cjson, Satellite, Satellite Capsule 2025-11-04 7.5 High
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
CVE-2023-48107 1 Zlib-ng 1 Minizip-ng 2025-11-04 8.8 High
Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.
CVE-2023-43361 2 Redhat, Xiph 2 Enterprise Linux, Vorbis-tools 2025-11-04 7.8 High
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
CVE-2023-42465 2 Redhat, Sudo Project 4 Enterprise Linux, Openshift Data Foundation, Rhel Eus and 1 more 2025-11-04 7.0 High
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
CVE-2023-38852 1 Libxls Project 1 Libxls 2025-11-04 6.5 Medium
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.
CVE-2023-38709 7 Apache, Apple, Broadcom and 4 more 9 Http Server, Macos, Fabric Operating System and 6 more 2025-11-04 7.3 High
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2023-21282 1 Google 1 Android 2025-11-04 8.8 High
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.