Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47366 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-47365 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-47364 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-44448 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-42783 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2023-20614 | 2 Google, Mediatek | 38 Android, Mt6739, Mt6761 and 35 more | 2025-03-26 | N/A | 6.7 MEDIUM |
|
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615.
|
|||||
| CVE-2022-47452 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In gnss driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-38675 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
|
|||||
| CVE-2023-52369 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 9.1 CRITICAL |
|
Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity.
|
|||||
| CVE-2024-27373 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-25 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->mesh_id_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2022-25480 | 1 Realtek | 2 Rtsper, Rtsuer | 2025-03-25 | N/A | 7.8 HIGH |
|
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
|
|||||
| CVE-2024-41445 | 1 Ihedvall | 1 Mdf Library | 2025-03-25 | N/A | 6.5 MEDIUM |
|
Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function
|
|||||
| CVE-2024-32608 | 1 Hdfgroup | 1 Hdf5 | 2025-03-25 | N/A | 9.8 CRITICAL |
|
HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
|
|||||
| CVE-2024-29013 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2025-03-25 | N/A | 6.5 MEDIUM |
|
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
|
|||||
| CVE-2024-29012 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2025-03-25 | N/A | 7.5 HIGH |
|
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
|
|||||
| CVE-2024-27227 | 1 Google | 1 Android | 2025-03-25 | N/A | 9.8 CRITICAL |
|
A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues
|
|||||
| CVE-2024-30620 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
|
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.
|
|||||
| CVE-2024-40724 | 1 Assimp | 1 Assimp | 2025-03-25 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
|
|||||
| CVE-2024-27376 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-25 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->rx_match_filter_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2025-20885 | 1 Samsung | 1 Android | 2025-03-25 | N/A | 6.4 MEDIUM |
|
Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
|
|||||
| CVE-2024-45782 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift Container Platform | 2025-03-25 | N/A | 7.8 HIGH |
|
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
|
|||||
| CVE-2020-17538 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2025-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
|
|||||
| CVE-2020-16296 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2025-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
|
|||||
| CVE-2023-24348 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 9.8 CRITICAL |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.
|
|||||
| CVE-2023-24347 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.
|
|||||
| CVE-2023-24346 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.
|
|||||
| CVE-2023-24345 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.
|
|||||
| CVE-2023-24344 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.
|
|||||
| CVE-2023-24343 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 8.8 HIGH |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.
|
|||||
| CVE-2025-27598 | 1 Sixlabors | 1 Imagesharp | 2025-03-24 | N/A | 7.5 HIGH |
|
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.
|
|||||
| CVE-2024-54520 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 5.5 MEDIUM |
|
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files.
|
|||||
| CVE-2022-45766 | 1 Keystorage | 1 Global Facilities Management Software | 2025-03-24 | N/A | 9.1 CRITICAL |
|
Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes.
|
|||||
| CVE-2024-32901 | 1 Google | 1 Android | 2025-03-24 | N/A | 7.8 HIGH |
|
In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-24351 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 9.8 CRITICAL |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.
|
|||||
| CVE-2023-24350 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 9.8 CRITICAL |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.
|
|||||
| CVE-2023-24349 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 9.8 CRITICAL |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.
|
|||||
| CVE-2023-24352 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-03-24 | N/A | 9.8 CRITICAL |
|
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.
|
|||||
| CVE-2025-24185 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 5.5 MEDIUM |
|
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. Parsing a maliciously crafted file may lead to an unexpected app termination.
|
|||||
| CVE-2024-41311 | 2 Debian, Struktur | 2 Debian Linux, Libheif | 2025-03-24 | N/A | 8.1 HIGH |
|
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
|
|||||
| CVE-2024-13903 | 1 Quickjs-ng | 1 Quickjs | 2025-03-24 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The patch is named 99c02eb45170775a9a679c32b45dd4000ea67aff. It is recommended to upgrade the affected component.
|
|||||