Search Results (45955 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2304 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2025-11-03 7.8 High
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-1942 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2025-11-03 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-1616 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2025-11-03 7.8 High
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
CVE-2022-0572 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2025-11-03 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0417 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2025-11-03 7.8 High
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
CVE-2022-0392 4 Apple, Debian, Redhat and 1 more 4 Macos, Debian Linux, Enterprise Linux and 1 more 2025-11-03 7.8 High
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVE-2022-0367 3 Debian, Fedoraproject, Libmodbus 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more 2025-11-03 7.8 High
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
CVE-2022-0361 4 Apple, Debian, Redhat and 1 more 4 Macos, Debian Linux, Enterprise Linux and 1 more 2025-11-03 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0359 4 Apple, Debian, Redhat and 1 more 4 Macos, Debian Linux, Enterprise Linux and 1 more 2025-11-03 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0351 3 Apple, Debian, Vim 3 Macos, Debian Linux, Vim 2025-11-03 7.8 High
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-0261 4 Apple, Debian, Redhat and 1 more 5 Mac Os X, Macos, Debian Linux and 2 more 2025-11-03 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2021-42374 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2025-11-03 5.3 Medium
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
CVE-2021-3872 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2025-11-03 7.8 High
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-33644 4 Fedoraproject, Feep, Openatom and 1 more 4 Fedora, Libtar, Openeuler and 1 more 2025-11-03 8.1 High
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
CVE-2025-52497 2 Arm, Mbed 2 Mbed Tls, Mbedtls 2025-11-03 4.8 Medium
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.
CVE-2025-49133 1 Libtpms Project 1 Libtpms 2025-11-03 5.9 Medium
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines – Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.
CVE-2025-48732 1 Wwbn 1 Avideo 2025-11-03 7.3 High
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.
CVE-2025-48175 1 Aomedia 1 Libavif 2025-11-03 4.5 Medium
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
CVE-2025-48174 1 Aomedia 1 Libavif 2025-11-03 4.5 Medium
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
CVE-2025-47779 2 Asterisk, Sangoma 4 Asterisk, Certified Asterisk, Asterisk and 1 more 2025-11-03 7.7 High
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.