Vulnerabilities (CVE)

Filtered by CWE-787
Total 12292 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30900 1 Apple 3 Ipados, Iphone Os, Macos 2025-04-03 9.3 HIGH 7.8 HIGH
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2022-46475 1 Dlink 2 Dir-645, Dir-645 Firmware 2025-04-03 N/A 9.8 CRITICAL
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.
CVE-2021-28664 1 Arm 3 Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2025-04-03 9.0 HIGH 8.8 HIGH
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.
CVE-2021-31755 1 Tenda 2 Ac11, Ac11 Firmware 2025-04-03 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2023-5217 8 Apple, Debian, Fedoraproject and 5 more 11 Ipados, Iphone Os, Debian Linux and 8 more 2025-04-03 N/A 8.8 HIGH
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2021-4034 7 Canonical, Oracle, Polkit Project and 4 more 31 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 28 more 2025-04-03 7.2 HIGH 7.8 HIGH
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVE-2025-2263 1 Santesoft 1 Sante Pacs Server 2025-04-03 N/A 9.8 CRITICAL
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.
CVE-2024-12672 2 Microsoft, Rockwellautomation 2 Windows, Arena 2025-04-03 N/A 7.3 HIGH
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVE-2025-0243 1 Mozilla 2 Firefox, Thunderbird 2025-04-03 N/A 5.1 MEDIUM
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2025-0242 1 Mozilla 2 Firefox, Thunderbird 2025-04-03 N/A 6.5 MEDIUM
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.
CVE-2025-0247 1 Mozilla 2 Firefox, Thunderbird 2025-04-03 N/A 9.8 CRITICAL
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.
CVE-2022-2294 6 Apple, Fedoraproject, Google and 3 more 12 Ipados, Iphone Os, Mac Os X and 9 more 2025-04-03 N/A 8.8 HIGH
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-25993 1 Google 1 Android 2025-04-03 N/A 8.4 HIGH
In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27204 1 Google 1 Android 2025-04-03 N/A 8.4 HIGH
In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27208 1 Google 1 Android 2025-04-03 N/A 8.4 HIGH
there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27211 1 Google 1 Android 2025-04-03 N/A 7.7 HIGH
In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27212 1 Google 1 Android 2025-04-03 N/A 7.8 HIGH
In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27219 1 Google 1 Android 2025-04-03 N/A 8.4 HIGH
In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27221 1 Google 1 Android 2025-04-03 N/A 7.8 HIGH
In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27226 1 Google 1 Android 2025-04-03 N/A 8.4 HIGH
In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.