Total
12292 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30900 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-03 | 9.3 HIGH | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-46475 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | |||||
CVE-2021-28664 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-04-03 | 9.0 HIGH | 8.8 HIGH |
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0. | |||||
CVE-2021-31755 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. | |||||
CVE-2023-5217 | 8 Apple, Debian, Fedoraproject and 5 more | 11 Ipados, Iphone Os, Debian Linux and 8 more | 2025-04-03 | N/A | 8.8 HIGH |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2021-4034 | 7 Canonical, Oracle, Polkit Project and 4 more | 31 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 28 more | 2025-04-03 | 7.2 HIGH | 7.8 HIGH |
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | |||||
CVE-2025-2263 | 1 Santesoft | 1 Sante Pacs Server | 2025-04-03 | N/A | 9.8 CRITICAL |
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker. | |||||
CVE-2024-12672 | 2 Microsoft, Rockwellautomation | 2 Windows, Arena | 2025-04-03 | N/A | 7.3 HIGH |
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
CVE-2025-0243 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 5.1 MEDIUM |
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. | |||||
CVE-2025-0242 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 6.5 MEDIUM |
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. | |||||
CVE-2025-0247 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 9.8 CRITICAL |
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134. | |||||
CVE-2022-2294 | 6 Apple, Fedoraproject, Google and 3 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2025-04-03 | N/A | 8.8 HIGH |
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2024-25993 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-27204 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-27208 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-27211 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.7 HIGH |
In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-27212 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-27219 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-27221 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-27226 | 1 Google | 1 Android | 2025-04-03 | N/A | 8.4 HIGH |
In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |