Total
12297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1380 | 1 Microsoft | 16 Internet Explorer, Windows 10 1507, Windows 10 1607 and 13 more | 2025-02-11 | 7.6 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | |||||
| CVE-2021-1732 | 1 Microsoft | 9 Windows 10 1803, Windows 10 1809, Windows 10 1909 and 6 more | 2025-02-11 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2023-26554 | 1 Ntp | 1 Ntp | 2025-02-11 | N/A | 5.6 MEDIUM |
| mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | |||||
| CVE-2023-26553 | 1 Ntp | 1 Ntp | 2025-02-11 | N/A | 5.6 MEDIUM |
| mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | |||||
| CVE-2023-26552 | 1 Ntp | 1 Ntp | 2025-02-11 | N/A | 5.6 MEDIUM |
| mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | |||||
| CVE-2023-26551 | 1 Ntp | 1 Ntp | 2025-02-11 | N/A | 5.6 MEDIUM |
| mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | |||||
| CVE-2023-26064 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2025-02-11 | N/A | 9.8 CRITICAL |
| Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. | |||||
| CVE-2024-12695 | 1 Google | 1 Chrome | 2025-02-11 | N/A | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-52432 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 5.9 MEDIUM |
| Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory. | |||||
| CVE-2024-20880 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 6.4 MEDIUM |
| Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory. | |||||
| CVE-2024-20878 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 7.3 HIGH |
| Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2024-49410 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 5.9 MEDIUM |
| Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2024-49415 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 8.1 HIGH |
| Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. | |||||
| CVE-2024-20832 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 6.4 MEDIUM |
| Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code. | |||||
| CVE-2024-20831 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 6.4 MEDIUM |
| Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code. | |||||
| CVE-2024-20877 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 7.3 HIGH |
| Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2024-20873 | 1 Samsung | 2 Android, Exynos 1280 | 2025-02-10 | N/A | 4.2 MEDIUM |
| Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||||
| CVE-2024-20863 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 6.7 MEDIUM |
| Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. | |||||
| CVE-2024-20862 | 1 Samsung | 1 Android | 2025-02-10 | N/A | 6.0 MEDIUM |
| Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. | |||||
| CVE-2024-9996 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2025-02-10 | N/A | 7.8 HIGH |
| A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |||||