Total
12297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20881 | 1 Samsung | 1 Android | 2025-02-12 | N/A | 7.0 HIGH |
| Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. | |||||
| CVE-2024-0143 | 2025-02-12 | N/A | 6.8 MEDIUM | ||
| NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | |||||
| CVE-2024-0142 | 2025-02-12 | N/A | 6.8 MEDIUM | ||
| NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | |||||
| CVE-2024-24686 | 1 Libigl | 1 Libigl | 2025-02-11 | N/A | 7.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the faces section of an `.off` file processed via the `readOFF` function. | |||||
| CVE-2024-24685 | 1 Libigl | 1 Libigl | 2025-02-11 | N/A | 7.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the vertex section of an `.off` file processed via the `readOFF` function. | |||||
| CVE-2025-1240 | 2025-02-11 | N/A | 7.8 HIGH | ||
| WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24986. | |||||
| CVE-2023-6322 | 3 Roku, Throughtek, Wyze | 5 Indoor Camera Se, Indoor Camera Se Firmware, Kalay Platform and 2 more | 2025-02-11 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability. | |||||
| CVE-2023-26555 | 1 Ntp | 1 Ntp | 2025-02-11 | N/A | 6.4 MEDIUM |
| praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. | |||||
| CVE-2023-22615 | 1 Insyde | 1 Insydeh2o | 2025-02-11 | N/A | 8.4 HIGH |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM. | |||||
| CVE-2024-50664 | 1 Gpac | 1 Gpac | 2025-02-11 | N/A | 7.8 HIGH |
| gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box. | |||||
| CVE-2023-27804 | 1 H3c | 1 Magic R100 Firmware | 2025-02-11 | N/A | 4.9 MEDIUM |
| H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | |||||
| CVE-2023-22614 | 1 Insyde | 1 Insydeh2o | 2025-02-11 | N/A | 8.8 HIGH |
| An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler. | |||||
| CVE-2023-22613 | 1 Insyde | 1 Insydeh2o | 2025-02-11 | N/A | 8.8 HIGH |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. | |||||
| CVE-2021-46879 | 1 Treasuredata | 1 Fluent Bit | 2025-02-11 | N/A | 7.8 HIGH |
| An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system. | |||||
| CVE-2022-21882 | 1 Microsoft | 9 Windows 10 1809, Windows 10 1909, Windows 10 20h2 and 6 more | 2025-02-11 | 7.2 HIGH | 7.0 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2023-27718 | 1 Dlink | 2 Dir878, Dir878 Firmware | 2025-02-11 | N/A | 9.8 CRITICAL |
| D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2025-21161 | 2025-02-11 | N/A | 7.8 HIGH | ||
| Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-22612 | 1 Insyde | 1 Insydeh2o | 2025-02-11 | N/A | 8.8 HIGH |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM. | |||||
| CVE-2022-42858 | 1 Apple | 1 Macos | 2025-02-11 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges | |||||
| CVE-2022-46709 | 1 Apple | 1 Iphone Os | 2025-02-11 | N/A | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges | |||||