CVE-2025-2875

CVE-2025-20654 - In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...
8 months ago

CVE-2025-2875 - CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could ...
7 months ago

CVE-2014-2875 - The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT ...
3 years ago

CVE-2014-10399 - The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. ...
5 years ago

CVE-2014-10400 - The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. ...
5 years ago

CVE-2024-2875 - Rejected reason: ** REJECT ** Duplicate reservation. Please use CVE-2024-4258 instead. ...
1 year ago

CVE-2005-2875 - Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes. ...
17 years ago

CVE-2015-2875 - Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full ...
9 years ago

CVE-2016-2875 - IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. ...
9 years ago

CVE-2009-2875 - Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to ...
8 years ago

CVE-2010-2875 - Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie. ...
2 years ago

CVE-2012-2875 - Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document. ...
8 years ago

CVE-2013-2875 - core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. ...
8 years ago

CVE-2008-2875 - SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter. ...
8 years ago

CVE-2006-2875 - Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the ...
7 years ago

CVE-2007-2875 - Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading ...
7 years ago

CVE-2015-5416 - Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. ...
6 years ago

CVE-2011-2875 - Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type ...
5 years ago

CVE-2018-2875 - Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access ...
6 years ago

CVE-2020-2875 - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network ...
3 years ago

CVE-2019-2875 - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with ...
4 years ago

CVE-2017-2875 - An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in ...
3 years ago

CVE-2023-2875 - A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer ...
2 years ago

CVE-2023-52772 - In the Linux kernel, the following vulnerability has been resolved: af_unix: fix use-after-free in unix_stream_read_actor() syzbot reported the following crash [1] After releasing unix socket lock, u->oob_skb can be changed by another thread. We must ...
1 year ago Tenable.com

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
9 months ago Cybersecuritynews.com CVE-2024-5594