Total
263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25178 | 2025-04-15 | N/A | 7.8 HIGH | ||
|
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.
|
|||||
| CVE-2022-37312 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | N/A | 5.3 MEDIUM |
|
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
|
|||||
| CVE-2022-37311 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | N/A | 5.3 MEDIUM |
|
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.
|
|||||
| CVE-2008-1440 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2025-04-09 | 7.1 HIGH | N/A |
|
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
|
|||||
| CVE-2008-2374 | 2 Bluez, Fedoraproject | 3 Bluez-libs, Bluez-utils, Fedora | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
|
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
|
|||||
| CVE-2009-4488 | 1 Varnish.projects.linpro | 1 Varnish | 2025-04-09 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that yo ...
Show More |
|||||
| CVE-2022-20493 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
|
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316
|
|||||
| CVE-2024-45351 | 2025-03-27 | N/A | 7.8 HIGH | ||
|
A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
|
|||||
| CVE-2024-31957 | 1 Samsung | 4 Exynos 2200, Exynos 2200 Firmware, Exynos 2400 and 1 more | 2025-03-25 | N/A | 6.2 MEDIUM |
|
A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.
|
|||||
| CVE-2022-48298 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
|
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
|
|||||
| CVE-2022-48297 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
|
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
|
|||||
| CVE-2022-3411 | 1 Gitlab | 1 Gitlab | 2025-03-21 | N/A | 6.5 MEDIUM |
|
A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
|
|||||
| CVE-2024-27362 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-20 | N/A | 4.4 MEDIUM |
|
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure.
|
|||||
| CVE-2024-8000 | 2025-03-04 | N/A | 5.3 MEDIUM | ||
|
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart.
Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.
|
|||||
| CVE-2023-34188 | 1 Cesanta | 1 Mongoose | 2025-02-28 | N/A | 7.5 HIGH |
|
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
|
|||||
| CVE-2024-7316 | 2025-02-21 | N/A | 5.9 MEDIUM | ||
|
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.
|
|||||
| CVE-2023-20508 | 2025-02-12 | N/A | 5.0 MEDIUM | ||
|
Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.
|
|||||
| CVE-2023-31331 | 2025-02-11 | N/A | 3.0 LOW | ||
|
Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.
|
|||||
| CVE-2023-20582 | 2025-02-11 | N/A | 5.3 MEDIUM | ||
|
Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
|
|||||
| CVE-2023-20581 | 2025-02-11 | N/A | 2.5 LOW | ||
|
Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.
|
|||||
| CVE-2023-20515 | 2025-02-11 | N/A | 5.7 MEDIUM | ||
|
Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.
|
|||||
| CVE-2023-30269 | 1 Cltphp | 1 Cltphp | 2025-02-03 | N/A | 8.1 HIGH |
|
CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php.
|
|||||
| CVE-2023-21111 | 1 Google | 1 Android | 2025-01-31 | N/A | 5.5 MEDIUM |
|
In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256819769
|
|||||
| CVE-2022-26047 | 1 Intel | 352 Converged Security And Manageability Engine, Core I3-1000g1 Firmware, Core I3-1000g4 Firmware and 349 more | 2025-01-29 | N/A | 4.3 MEDIUM |
|
Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-27961 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-01-29 | N/A | 5.5 MEDIUM |
|
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.
|
|||||
| CVE-2023-27941 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-01-29 | N/A | 5.5 MEDIUM |
|
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.
|
|||||
| CVE-2023-20709 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2025-01-24 | N/A | 4.4 MEDIUM |
|
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576951; Issue ID: ALPS07576951.
|
|||||
| CVE-2023-20708 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2025-01-24 | N/A | 6.7 MEDIUM |
|
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655.
|
|||||
| CVE-2023-20707 | 2 Google, Mediatek | 43 Android, Mt6735, Mt6737 and 40 more | 2025-01-24 | N/A | 6.7 MEDIUM |
|
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556.
|
|||||
| CVE-2023-20705 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2025-01-24 | N/A | 5.5 MEDIUM |
|
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.
|
|||||
| CVE-2023-20704 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2025-01-24 | N/A | 5.5 MEDIUM |
|
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826.
|
|||||
| CVE-2023-20722 | 2 Google, Mediatek | 4 Android, Mt6765, Mt6768 and 1 more | 2025-01-24 | N/A | 6.7 MEDIUM |
|
In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084.
|
|||||
| CVE-2023-20710 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2025-01-24 | N/A | 4.4 MEDIUM |
|
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576935; Issue ID: ALPS07576935.
|
|||||
| CVE-2022-47029 | 1 Actionlauncher | 1 Action Launcher | 2025-01-14 | N/A | 7.8 HIGH |
|
An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update.
|
|||||
| CVE-2022-46143 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2025-01-14 | N/A | 2.7 LOW |
|
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.
|
|||||
| CVE-2023-25731 | 1 Mozilla | 1 Firefox | 2025-01-10 | N/A | 8.8 HIGH |
|
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.
|
|||||
| CVE-2024-52901 | 1 Ibm | 1 Infosphere Information Server | 2025-01-07 | N/A | 6.5 MEDIUM |
|
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.
|
|||||
| CVE-2024-55407 | 2025-01-07 | N/A | 7.8 HIGH | ||
|
An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.
|
|||||
| CVE-2023-30082 | 1 Enhancesoft | 1 Osticket | 2025-01-06 | N/A | 7.5 HIGH |
|
A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.
|
|||||
| CVE-2024-1610 | 2024-12-18 | N/A | 9.8 CRITICAL | ||
|
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
|
|||||