Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 23157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (23157 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-3649 1 Wireshark 1 Wireshark 2025-11-03 5.3 Medium
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
CVE-2023-32722 1 Zabbix 1 Zabbix 2025-11-03 9.6 Critical
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
CVE-2023-2977 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2025-11-03 7.1 High
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
CVE-2023-2858 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 5.3 Medium
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2856 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 5.3 Medium
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-2855 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 5.3 Medium
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-29458 1 Zabbix 1 Zabbix 2025-11-03 5.9 Medium
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.
CVE-2023-1161 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-11-03 6.3 Medium
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
CVE-2023-0668 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 6.5 Medium
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-0667 1 Wireshark 1 Wireshark 2025-11-03 6.5 Medium
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
CVE-2023-0666 3 Debian, Redhat, Wireshark 3 Debian Linux, Enterprise Linux, Wireshark 2025-11-03 6.5 Medium
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-0412 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-11-03 6.3 Medium
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2023-0341 1 Editorconfig 1 Editorconfig 2025-11-03 7.8 High
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.
CVE-2022-26280 3 Fedoraproject, Libarchive, Redhat 3 Fedora, Libarchive, Enterprise Linux 2025-11-03 6.5 Medium
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
CVE-2021-4181 4 Debian, Fedoraproject, Oracle and 1 more 5 Debian Linux, Fedora, Http Server and 2 more 2025-11-03 7.5 High
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-36087 3 Fedoraproject, Redhat, Selinux Project 3 Fedora, Enterprise Linux, Selinux 2025-11-03 3.3 Low
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
CVE-2025-21804 1 Linux 1 Linux Kernel 2025-11-03 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() The rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region() macro to request a needed resource. A string variable that lives on the stack is then used to store a dynamically computed resource name, which is then passed on as one of the macro arguments. This can lead to undefined behavior. Depending on the current contents of the memory, the manifestations of errors may vary. One possible output may be as follows: $ cat /proc/iomem 30000000-37ffffff : 38000000-3fffffff : Sometimes, garbage may appear after the colon. In very rare cases, if no NULL-terminator is found in memory, the system might crash because the string iterator will overrun which can lead to access of unmapped memory above the stack. Thus, fix this by replacing outbound_name with the name of the previously requested resource. With the changes applied, the output will be as follows: $ cat /proc/iomem 30000000-37ffffff : memory2 38000000-3fffffff : memory3 [kwilczynski: commit log]
CVE-2025-21782 1 Linux 1 Linux Kernel 2025-11-03 7.1 High
In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch.
CVE-2025-21687 1 Linux 1 Linux Kernel 2025-11-03 7.8 High
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device.
CVE-2025-21680 1 Linux 1 Linux Kernel 2025-11-03 7.8 High
In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24 index 20 is out of range for type 'imix_pkt [20]' CPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl lib/dump_stack.c:117 __ubsan_handle_out_of_bounds lib/ubsan.c:429 get_imix_entries net/core/pktgen.c:874 pktgen_if_write net/core/pktgen.c:1063 pde_write fs/proc/inode.c:334 proc_reg_write fs/proc/inode.c:346 vfs_write fs/read_write.c:593 ksys_write fs/read_write.c:644 do_syscall_64 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130 Found by Linux Verification Center (linuxtesting.org) with SVACE. [ fp: allow to fill the array completely; minor changelog cleanup ]