Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32664

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-07 May, 2024 | 14:57
Updated At-02 Aug, 2024 | 02:13
Rejected At-
Credits

Suricata's base64 contains an out of bounds write

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:07 May, 2024 | 14:57
Updated At:02 Aug, 2024 | 02:13
Rejected At:
▼CVE Numbering Authority (CNA)
Suricata's base64 contains an out of bounds write

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.

Affected Products
Vendor
OISF
Product
suricata
Versions
Affected
  • >= 6.0.0, <= 6.0.18
  • >= 7.0.0, <= 7.0.4
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
CWECWE-120CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-120
Description: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
x_refsource_CONFIRM
https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
x_refsource_MISC
https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
x_refsource_MISC
Hyperlink: https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
Resource:
x_refsource_MISC
Hyperlink: https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
oisf
Product
suricata
CPEs
  • cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 6.0.0 through 6.0.18 (custom)
Vendor
oisf
Product
suricata
CPEs
  • cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 7.0.0 through 7.0.4 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
x_refsource_CONFIRM
x_transferred
https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
x_refsource_MISC
x_transferred
https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:07 May, 2024 | 15:15
Updated At:19 Dec, 2024 | 19:46

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
oisf
oisf
>>suricata>>Versions from 6.0.0(inclusive) to 6.0.19(exclusive)
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
oisf
oisf
>>suricata>>Versions from 7.0.0(inclusive) to 7.0.5(exclusive)
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Secondarysecurity-advisories@github.com
CWE-122Secondarysecurity-advisories@github.com
CWE-120Primarynvd@nist.gov
CWE ID: CWE-120
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-122
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379security-advisories@github.com
Patch
https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4security-advisories@github.com
Patch
https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7security-advisories@github.com
Mitigation
Vendor Advisory
https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7af854a3a-2127-422b-91ae-364da2661108
Mitigation
Vendor Advisory
Hyperlink: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
Source: security-advisories@github.com
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

153Records found
CVE-2024-55627
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.85%
||
7 Day CHG~0.00%
Published-06 Jan, 2025 | 17:50
Updated-31 Mar, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata segfault on StreamingBufferSlideToOffsetWithRegions

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.

Action-Not Available
Vendor-oisfOISF
Product-suricatasuricata
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-48075
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 58.15%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 00:00
Updated-21 Nov, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.

Action-Not Available
Vendor-n/arealtimelogic
Product-n/asharkssl
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-40674
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.34%
||
7 Day CHG+0.01%
Published-28 Jan, 2025 | 19:13
Updated-22 Apr, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 45.11%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 00:00
Updated-06 Dec, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-35400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.88%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 14:46
Updated-03 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules

Action-Not Available
Vendor-n/aTOTOLINK
Product-cp900l_firmwarecp900ln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-35823
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 13:23
Updated-04 May, 2025 | 09:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vt: fix unicode buffer corruption when deleting characters

In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). The cure is also the same i.e. replace memcpy() with memmove() due to the overlaping buffers.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxLinux
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-33505
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.53%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:53
Updated-31 Jan, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortimanager_cloudfortimanagerFortiManagerFortiAnalyzer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3203
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.46% / 63.20%
||
7 Day CHG+0.12%
Published-02 Apr, 2024 | 22:00
Updated-25 Apr, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-bloscn/a
Product-c-blosc2c-blosc2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-3204
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.56% / 67.16%
||
7 Day CHG+0.15%
Published-02 Apr, 2024 | 22:00
Updated-25 Apr, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051.

Action-Not Available
Vendor-bloscn/ac-blosc2_project
Product-c-blosc2c-blosc2c-blosc2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-21480
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 14:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresa6150p_firmwaresd865_5gsw5100pwsa8832wsa8845_firmwaresnapdragon_480_5g_mobileqca6595srv1mqca6678aqqca8081_firmwarewcd9370snapdragon_x35_5g_modem-rfar8035_firmwareqca6696wcd9340_firmwaresa8530psa4150p_firmwarewcd9395_firmwareqcn6024qcc710_firmwaresnapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700snapdragon_685_4g_mobilesa4150pwsa8815_firmwarewsa8832_firmwaresa8195p_firmwareqca8337_firmwareqca8337wcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresrv1hqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcn6024_firmwaresa4155p_firmwareqcm5430qcm5430_firmwaresa4155psa8770pqca6584auqcn6274_firmwaressg2115pqcc710snapdragon_xr2_5g_firmwaresw5100_firmwaresa8540pwcn6740snapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwareqep8111sa7255pqfw7114wcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psnapdragon_xr2_5gsnapdragon_x65_5g_modem-rfsa8150pqcs4490snapdragon_680_4g_mobilewsa8845sa6155psxr1230pwsa8810qam8650psa9000psrv1h_firmwaresw5100qca6595auvideo_collaboration_vc3_platformsnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobileqep8111_firmwaresg8275pwcd9370_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobilesnapdragon_x72_5g_modem-rf_firmwareqcm4490qca6174asa8195psnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwareqamsrv1msnapdragon_auto_5g_modem-rf_gen_2talynplusqca6174a_firmwareqcm6490sa8540p_firmwareqam8650p_firmwaresm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwareqcn9024qca6584au_firmwarewcn3980_firmwareqcn6274qca6574qfw7124sa8775psnapdragon_w5\+_gen_1_wearableqca6595au_firmwaresxr2230p_firmwarewsa8835wsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwareqcn9024_firmwarewsa8845hwcd9380_firmwaresa6150pqca6574_firmwaresa8155p_firmwareqca8081wsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550psa6145psnapdragon_x75_5g_modem-rfqcm4325_firmwaresa8620psa8255p_firmwarear8035qca6574a_firmwareqamsrv1m_firmwaresnapdragon_4_gen_1_mobilesnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqcn6224qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwaresa8530p_firmwaresa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375sa8150p_firmwaresnapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresa8145psnapdragon_8\+_gen_1_mobile_firmwaresnapdragon_x75_5g_modem-rf_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragonqam8255p_firmwaresa6155p_firmwareqca8337_firmwareqcm4490_firmwareqcm8550_firmwaresa6150p_firmwareqca6678aq_firmwareqcn6274_firmwareqcs4490_firmwareqcm6490_firmwaresa4155p_firmwarefastconnect_6900_firmwareqcs8550_firmwareqca6797aq_firmwareqcn6224_firmwaresa6145p_firmwarefastconnect_6700_firmwareqcn9024_firmwaresa7255p_firmwarefastconnect_7800_firmwareqca6595au_firmwareqamsrv1m_firmwareqca6698aq_firmwareqcm5430_firmwareqca6174a_firmwareqam8650p_firmwareqam8775p_firmwareqca6584au_firmwareqep8111_firmwareqca6696_firmwareqca6595_firmwareqcs6490_firmwareqfw7114_firmwareqcs5430_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqcn6024_firmwaresa4150p_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwareqcc710_firmwareqam8295p_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwareqca8081_firmwareqfw7124_firmwarear8035_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-21463
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.08% / 25.16%
||
7 Day CHG+0.02%
Published-01 Apr, 2024 | 15:06
Updated-13 Jan, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Audio

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfw7124_firmwarewcn6740_firmwaresnapdragon_685_4g_mobile_firmwareqcn6274wsa8840_firmwareqam8255p_firmwareqca6797aq_firmwaresa4155p_firmwaresnapdragon_888\+_5g_mobilesrv1hsa7255psnapdragon_8_gen_3_mobile_firmwarewcd9370snapdragon_4_gen_2_mobileqca6595au_firmwaresa8145p_firmwareqfw7114sxr1230pqcn6024snapdragon_4_gen_1_mobile_firmwarewsa8810_firmwareqam8650p_firmwareqca6574_firmwaresnapdragon_8\+_gen_2_mobilesnapdragon_8_gen_1_mobileqcc710_firmwaresa8650p_firmwareqcm4490_firmwareqca6595auar8035sa7255p_firmwarewcd9340sa6145pwcn3950wcd9395_firmwarewsa8845h_firmwaretalynplus_firmwareqca6696qcm4325qca8337ssg2115pqca6584au_firmwareqca6574au_firmwaresnapdragon_685_4g_mobilewsa8845wcd9375_firmwaresxr1230p_firmwaresnapdragon_680_4g_mobile_firmwareqcm4325_firmwaresa6150p_firmwaresnapdragon_888_5g_mobile_firmwarewsa8835_firmwaresnapdragon_4_gen_1_mobilesd_8_gen1_5gqamsrv1hsg4150p_firmwaresnapdragon_x75_5g_modem-rfwcd9390_firmwaresnapdragon_888_5g_mobilewsa8815_firmwaresnapdragon_8_gen_2_mobileqca6574asw5100talynplussnapdragon_8\+_gen_2_mobile_firmwarewsa8815sm8550p_firmwarewcd9385_firmwaresw5100p_firmwaresa8620p_firmwarewcn3950_firmwarewcd9395sw5100pqam8650psa8770psnapdragon_xr2_5g_firmwareqca6574a_firmwaresa8620psa8145psnapdragon_480_5g_mobile_firmwareqca6696_firmwaresnapdragon_w5\+_gen_1_wearable_firmwaresa6155pqep8111sa8150pwsa8830_firmwaresnapdragon_ar2_gen_1qca6698aqqamsrv1h_firmwarewcn3980_firmwareqcs8550qam8775pwcd9380_firmwaresnapdragon_x65_5g_modem-rfsxr2250p_firmwareqca6174a_firmwareqca8081snapdragon_695_5g_mobilewsa8840wcn3988_firmwareqca6574auqcn9024ssg2125par8035_firmwaresa8195psnapdragon_8_gen_3_mobileqca8337_firmwareqamsrv1msxr2230psa8770p_firmwarefastconnect_6700_firmwarewsa8832qcc710qcs4490snapdragon_x35_5g_modem-rffastconnect_7800_firmwaresa8155pqam8255pqfw7124qcm4490srv1h_firmwaresnapdragon_auto_5g_modem-rf_gen_2sg8275p_firmwarewsa8845_firmwareqcn6224sa8255p_firmwarewcn3980snapdragon_4_gen_2_mobile_firmwaresnapdragon_ar2_gen_1_firmwareqcm8550snapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_480\+_5g_mobilewcd9390snapdragon_w5\+_gen_1_wearablewsa8835qca6678aq_firmwaresnapdragon_680_4g_mobilesw5100_firmwarefastconnect_7800qcn6274_firmwaresxr2250pwsa8830sa8295p_firmwareqfw7114_firmwaresa8295pwcd9375qcs8550_firmwarefastconnect_6900snapdragon_xr2_5gsnapdragon_x35_5g_modem-rf_firmwaresa6150psnapdragon_695_5g_mobile_firmwarefastconnect_6200_firmwaresrv1m_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6584auqca6595sa8155p_firmwarewcn6740qca6595_firmwaresnapdragon_480\+_5g_mobile_firmwareqep8111_firmwarefastconnect_6700qcn6224_firmwareqca6174asa8255psnapdragon_480_5g_mobilesnapdragon_x65_5g_modem-rf_firmwarewcn3988sa4155pqcn6024_firmwaressg2115p_firmwareqca6797aqwsa8845hqam8775p_firmwareqamsrv1m_firmwarefastconnect_6900_firmwareqam8295p_firmwaressg2125p_firmwarewcd9380wsa8832_firmwaresa8650pwcd9385sd865_5g_firmwaresm8550pwcd9340_firmwaresg4150psa8195p_firmwaresa4150p_firmwaresnapdragon_x75_5g_modem-rf_firmwareqca6574sa8150p_firmwaresa8775pqca8081_firmwaresa9000p_firmwaresnapdragon_8\+_gen_1_mobile_firmwareqcn9024_firmwareqcs4490_firmwaresa4150psa6155p_firmwaresrv1mqam8295psnapdragon_888\+_5g_mobile_firmwaresa9000psnapdragon_8_gen_1_mobile_firmwaresxr2230p_firmwaresa8775p_firmwareqca6698aq_firmwarefastconnect_6200sd865_5gqca6678aqsg8275pqcm8550_firmwaresa6145p_firmwarewcd9370_firmwaresd_8_gen1_5g_firmwaresnapdragon_8\+_gen_1_mobilewsa8810Snapdragonqam8255p_firmwaretalynplus_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwaresg8275p_firmwarear8035_firmwareqcn6224_firmwaresxr1230p_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqfw7114_firmwarewcd9385_firmwareqcn6024_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwaresd_8_gen1_5g_firmwarewcd9340_firmwarewsa8845_firmwareqam8295p_firmwaresnapdragon_xr2_5g_platform_firmwaresa9000p_firmwareqca6574a_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwarefastconnect_6200_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwarewcn3980_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn6740_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca6678aq_firmwareqcn6274_firmwareqcs4490_firmwaresa8775p_firmwarewsa8840_firmwaresa4155p_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwarewcn3988_firmwareqca6797aq_firmwaresa6145p_firmwaresa8155p_firmwarefastconnect_6700_firmwareqcn9024_firmwaresa7255p_firmwarewsa8810_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwaresw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqca6174a_firmwareqam8650p_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwareqca6696_firmwareqca6595_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwareqcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwaresd865_5g_firmwarewsa8815_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwaresw5100_firmwareqfw7124_firmwaresa8295p_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-12988
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.22% / 44.42%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 17:00
Updated-28 May, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r7000p_firmwarer6900p_firmwarer7000pr6900pR6900PR7000P
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-3373
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 25.62%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 15:31
Updated-07 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server SITE CHMOD Command buffer overflow

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PCMan
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-43548
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.14% / 35.35%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Video

Memory corruption while parsing qcp clip with invalid chunk data size.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100pqcs410_firmwaresa6150p_firmwaresd865_5gsxr1120qca6595qcs610_firmwarewcd9335wcd9370snapdragon_670_mobileqca6696wcd9340_firmwarewcd9341_firmwaresnapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700wcn3610snapdragon_780g_5g_mobilesnapdragon_685_4g_mobilesa4150psnapdragon_782g_mobile_firmwaresnapdragon_wear_4100\+_firmwarewsa8832_firmwaresnapdragon_665_mobile_firmwareqca6574au_firmwaresnapdragon_690_5g_mobile_firmwareqcn7606_firmwareqam8295pwcd9341qca6574ausnapdragon_888\+_5g_mobile_firmwarewsa8810_firmwaresd730_firmwaresnapdragon_778g_5g_mobile_firmwaresa9000p_firmwaresrv1hwcn3660b_firmwaresd730snapdragon_690_5g_mobilefastconnect_6800_firmwaresd835_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psa8770psnapdragon_678_mobile_firmwaressg2115psnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresxr1120_firmwaresnapdragon_wear_4100\+fastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformsnapdragon_730_mobile_firmwarewcd9385_firmwareqca6310qam8255p_firmwareqcs4490snapdragon_730_mobilesnapdragon_680_4g_mobilesa6155pwsa8810qam8650psnapdragon_835_mobilesa9000psrv1h_firmwaresnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobilesm7315_firmwaresnapdragon_662_mobile_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwaresnapdragon_845_mobile_firmwarewcd9326_firmwaresrv1m_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobilesd835snapdragon_x55_5g_modem-rfsnapdragon_4_gen_2_mobile_firmwaresnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3910_firmwaresnapdragon_460_mobileqca6420wcn3910wcd9370_firmwaresnapdragon_835_mobile_firmwarewcn3660bqca6574asa8195pwcd9340qcm2290qcm6490wcn3988snapdragon_765_5g_mobile_firmwaresnapdragon_662_mobilesa8775pqca6574sxr2230p_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresa8775p_firmwareqamsrv1hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwaresa8155psnapdragon_765g_5g_mobile_firmwarewsa8830sa6145psnapdragon_768g_5g_mobile_firmwaresa8255p_firmwareqamsrv1m_firmwaresnapdragon_4_gen_2_mobilesa8650p_firmwaresnapdragon_865\+_5g_mobile_firmwareqca6698aqssg2125p_firmwaresm6250wcn3950_firmwaresnapdragon_480\+_5g_mobilefastconnect_6200sd670wcn3680bsa8145p_firmwaresm7325p_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_660_mobile_firmwaresa8150p_firmwarefastconnect_6700_firmwaresnapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwareqcs6490snapdragon_695_5g_mobilesnapdragon_855_mobilesnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqca6678aq_firmwaresd660_firmwarewsa8832snapdragon_480_5g_mobilesrv1mqca6678aqsnapdragon_860_mobile_firmwaresnapdragon_778g\+_5g_mobileqca6320sa4150p_firmwaresd888_firmwarewsa8815_firmwaresa8195p_firmwareqcm4290snapdragon_xr2\+_gen_1qcm6490_firmwaresnapdragon_665_mobilesm7250p_firmwareqcm4490_firmwarewcn3950snapdragon_870_5g_mobile_firmwaresnapdragon_730g_mobile_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobilesnapdragon_778g\+_5g_mobile_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilesnapdragon_678_mobilesa4155p_firmwaresnapdragon_720g_mobilesm6250_firmwaresm7250pqca6320_firmwaresd888snapdragon_675_mobile_firmwaresw5100_firmwarewcn6740snapdragon_768g_5g_mobilesnapdragon_780g_5g_mobile_firmwareqca6310_firmwaresnapdragon_845_mobilefastconnect_6800qca6595_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psnapdragon_xr2_5gsa8150psxr1230psw5100video_collaboration_vc3_platformaqt1000snapdragon_4_gen_1_mobile_firmwareqam8295p_firmwaresd855wcn3990_firmwaresm7315snapdragon_660_mobileqca6698aq_firmwareqcs2290snapdragon_888\+_5g_mobileqcn7606wcd9385qcs2290_firmwaresnapdragon_8_gen_1_mobilesnapdragon_xr2\+_gen_1_firmwaresnapdragon_680_4g_mobile_firmwarewcn3610_firmwaresa8255pqcs4290sxr1230p_firmwaresnapdragon_865\+_5g_mobileqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobilesnapdragon_860_mobilessg2125pqcm4490snapdragon_480\+_5g_mobile_firmwareqamsrv1msm7325psnapdragon_732g_mobile_firmwareqam8650p_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresd855_firmwarewcd9335_firmwarewcn3980_firmwarewsa8835qca6595au_firmwareqca6391_firmwareqcs610sw5100p_firmwareqca6696_firmwareqcs4290_firmwarewcd9380_firmwareqca6574_firmwarewsa8815sd660sd_8_gen1_5gqam8775pqca6574a_firmwaresnapdragon_4_gen_1_mobileqcm4290_firmwaresnapdragon_720g_mobile_firmwaresnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca6391snapdragon_710_mobilesa8770p_firmwaresa8295pfastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_xr1wcd9375snapdragon_765g_5g_mobilewcn3988_firmwareqamsrv1h_firmwaresa8145psnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaressg2115p_firmwarewcn3980wcn3680b_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqca6574a_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarewcn3980_firmwaresnapdragon_720g_mobile_platform_firmwarequalcomm_video_collaboration_vc1_platform_firmwaresnapdragon_xr2_5g_platform_firmwarewsa8832_firmwareqcs4490_firmwarewcn3660b_firmwareqca6696_firmwaresa8150p_firmwaresa8775p_firmwaresd888_firmwaresrv1h_firmwaresd855_firmwaresd670_firmwaresnapdragon_780g_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_xr1_platform_firmwaresa8255p_firmwaresm7325p_firmwarewcn3988_firmwarefastconnect_6700_firmwareqca6595au_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwareqcm6490_firmwareaqt1000_firmwareqamsrv1h_firmwareqcs6490_firmwaresa8155p_firmwarefastconnect_6200_firmwaresa4155p_firmwaresa6145p_firmwaresnapdragon_835_mobile_pc_platform_firmwaresa8295p_firmwaresm6250_firmwareqca6420_firmwaresnapdragon_845_mobile_platform_firmwaresa4150p_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa6150p_firmwaresxr1230p_firmwaresm7250p_firmwareqca6391_firmwaresnapdragon_675_mobile_platform_firmwaresm7315_firmwareqca6698aq_firmwaresnapdragon_680_4g_mobile_platform_firmwarefastconnect_6900_firmwaresa8770p_firmwaresd835_firmwarewcd9385_firmwarewcd9370_firmwarewcd9380_firmwareqam8775p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwaresnapdragon_710_mobile_platform_firmwarewcn3610_firmwarefastconnect_7800_firmwaresxr1120_firmwaresw5100p_firmwarewcd9341_firmwaresd730_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwaresxr2230p_firmwaressg2125p_firmwareqam8295p_firmwaressg2115p_firmwareqca6320_firmwareqca6574_firmwarewcd9335_firmwareqamsrv1m_firmwareqca6595_firmwaresa8145p_firmwarewcd9326_firmwareqam8650p_firmwareqcm4490_firmwareqcm2290_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcn3950_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_662_mobile_platform_firmwareqcs4290_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresrv1m_firmwareqcs610_firmwarewsa8815_firmwareqcs2290_firmwaresnapdragon_460_mobile_platform_firmwarewcn3990_firmwaresa8195p_firmwarewcn3680b_firmwarewcn3910_firmwareqcn7606_firmwaresnapdragon_690_5g_mobile_platform_firmwaresw5100_firmwaresa9000p_firmwarewcd9340_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6430_firmwaresd865_5g_firmwarefastconnect_6800_firmwaresnapdragon_665_mobile_platform_firmwaresd660_firmwareqca6574au_firmwareqcs410_firmwareqam8255p_firmwaresa6155p_firmwareqca6310_firmwareqcm4290_firmwaresa8650p_firmwareqca6678aq_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwarewcd9375_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0731
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.10%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 19:31
Updated-30 May, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server PUT Command denial of service

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-pcman_ftp_server_projectPCMan
Product-pcman_ftp_serverFTP Server
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-0732
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.10%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:00
Updated-09 May, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server STOR Command denial of service

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555.

Action-Not Available
Vendor-pcman_ftp_server_projectPCMan
Product-pcman_ftp_serverFTP Server
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-7104
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 27.21%
||
7 Day CHG-0.01%
Published-25 Dec, 2023 | 21:00
Updated-13 Feb, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

Action-Not Available
Vendor-sqliteSQLiteFedora Project
Product-sqlitefedoraSQLite3
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-7158
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.67%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 06:31
Updated-13 Feb, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MicroPython objslice.c slice_indices heap-based overflow

A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.

Action-Not Available
Vendor-micropythonn/a
Product-micropythonMicroPython
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0725
Matching Score-4
Assigner-curl
ShareView Details
Matching Score-4
Assigner-curl
CVSS Score-7.3||HIGH
EPSS-0.28% / 51.18%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 09:18
Updated-27 Jun, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gzip integer overflow

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

Action-Not Available
Vendor-zlibNetApp, Inc.CURL
Product-hci_h610s_firmwarehci_baseboard_management_controllersolidfire_\&_hci_management_nodezlibcurlsolidfire_\&_hci_storage_nodelibcurlhci_h610chci_h610shci_h615c_firmwarehci_h610c_firmwarehci_h615ccurl
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5636
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 04:31
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server SET Command buffer overflow

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PCMan
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5635
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 04:00
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server PLS Command buffer overflow

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PCMan
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5667
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 16:00
Updated-13 Jun, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server REIN Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5634
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 04:00
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server NOOP Command buffer overflow

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PCMan
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52365
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:04
Updated-13 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-5665
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 15:00
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server XCWD Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5666
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 15:31
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server XMKD Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5664
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 14:31
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server RESTART Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5637
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 04:31
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server SYSTEM Command buffer overflow

A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PCMan
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5221
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 02:00
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server QUOTE Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0.0. It has been classified as critical. This affects an unknown part of the component QUOTE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-26109
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-09 Mar, 2023 | 05:00
Updated-28 Feb, 2025 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

Action-Not Available
Vendor-node-bluetooth-serial-port_projectn/a
Product-node-bluetooth-serial-portnode-bluetooth-serial-port
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5593
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 15:31
Updated-13 Jun, 2025 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server HOST Command buffer overflow

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-freefloatFreeFloat
Product-freefloat_ftp_serverFTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5547
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 00:00
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server CDUP Command buffer overflow

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5551
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 01:31
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server SYSTEM Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5549
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 01:00
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server PASV Command buffer overflow

A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5594
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 16:00
Updated-13 Jun, 2025 | 00:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server SET Command buffer overflow

A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-freefloatFreeFloat
Product-freefloat_ftp_serverFTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5595
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 16:31
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server PROGRESS Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-23384
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.80% / 73.01%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Remote Code Execution Vulnerability

Microsoft SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_serverMicrosoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2014 Service Pack 3 (GDR)Microsoft SQL Server 2012 Service Pack 4 (QFE)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)Microsoft SQL Server 2014 Service Pack 3 (CU 4)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 18)Microsoft SQL Server 2008 Service Pack 4 (QFE)Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-23582
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.82%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 22:08
Updated-07 Nov, 2023 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely.

Action-Not Available
Vendor-snapavSnap One
Product-wattbox_wb-300-ip-3_firmwarewattbox_wb-300-ip-3Wattbox WB-300-IP-3
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5548
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-2.10% / 83.36%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 00:31
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server NOOP Command buffer overflow

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5592
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 14:00
Updated-09 Jun, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server PASSIVE Command buffer overflow

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component PASSIVE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-freefloatFreeFloat
Product-ftp_serverFTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5596
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 17:00
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server REGET Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component REGET Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5550
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 01:00
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server PBSZ Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5218
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 01:00
Updated-05 Jun, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server LITERAL Command buffer overflow

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-freefloatFreeFloat
Product-ftp_serverFTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-40536
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.97%
||
7 Day CHG+0.04%
Published-16 Jul, 2024 | 00:00
Updated-20 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin_3g_code parameter in the config_3g_para function.

Action-Not Available
Vendor-szlbtn/a
Product-lbt-t300-t400lbt-t300-t400_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5295
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-28 May, 2025 | 11:00
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server PORT Command buffer overflow

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. This vulnerability affects unknown code of the component PORT Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5356
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 16:31
Updated-02 Jun, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server BYE Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component BYE Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-FreeFloat
Product-FTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5217
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 00:31
Updated-05 Jun, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server RMDIR Command buffer overflow

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0.0. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-freefloatFreeFloat
Product-ftp_serverFTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5219
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 01:00
Updated-09 Jun, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server ASCII Command buffer overflow

A vulnerability has been found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ASCII Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-freefloatFreeFloat
Product-ftp_serverFTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5220
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.79%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 01:31
Updated-09 Jun, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeFloat FTP Server GET Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component GET Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-freefloatFreeFloat
Product-ftp_serverFTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-3680
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 25.62%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 09:31
Updated-29 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server LANG Command buffer overflow

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component LANG Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-pcmanPCMan
Product-ftp_serverFTP Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found