Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
CVE-2025-25474
DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-02-18
CVE-2025-25475
A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-02-18
CVE-2025-27113
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
CVSS Score
2.9
EPSS Score
0.002
Published
2025-02-18
CVE-2024-57254
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-18
CVE-2024-57255
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-18
CVE-2024-57256
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-18
CVE-2024-57257
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
CVSS Score
2.0
EPSS Score
0.0
Published
2025-02-18
CVE-2024-57258
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-18
CVE-2024-57259
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-18
CVE-2025-25894
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
CVSS Score
8.0
EPSS Score
0.0
Published
2025-02-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved