Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27070 | 1 Qualcomm | 350 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 347 more | 2025-11-05 | N/A | 7.8 HIGH |
|
Memory corruption while performing encryption and decryption commands.
|
|||||
| CVE-2025-47367 | 1 Qualcomm | 62 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 59 more | 2025-11-05 | N/A | 7.8 HIGH |
|
Memory corruption while accessing a buffer during IOCTL processing.
|
|||||
| CVE-2025-20725 | 1 Mediatek | 72 Lr12a, Mt2735, Mt2737 and 69 more | 2025-11-05 | N/A | 7.5 HIGH |
|
In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620.
|
|||||
| CVE-2025-20726 | 1 Mediatek | 89 Lr12a, Mt2735, Mt2737 and 86 more | 2025-11-05 | N/A | 7.5 HIGH |
|
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
|
|||||
| CVE-2025-54574 | 1 Squid-cache | 1 Squid | 2025-11-05 | N/A | 9.3 CRITICAL |
|
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
|
|||||
| CVE-2025-20728 | 1 Mediatek | 7 Mt7902, Mt7920, Mt7921 and 4 more | 2025-11-05 | N/A | 7.8 HIGH |
|
In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115; Issue ID: MSV-4276.
|
|||||
| CVE-2025-20729 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | N/A | 4.2 MEDIUM |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441512; Issue ID: MSV-4153.
|
|||||
| CVE-2025-20733 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | N/A | 7.8 HIGH |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00441509; Issue ID: MSV-4138.
|
|||||
| CVE-2025-20735 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | N/A | 7.8 HIGH |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435349; Issue ID: MSV-4051.
|
|||||
| CVE-2025-20736 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435347; Issue ID: MSV-4049.
|
|||||
| CVE-2025-20737 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | N/A | 7.8 HIGH |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435343; Issue ID: MSV-4040.
|
|||||
| CVE-2025-20738 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435342; Issue ID: MSV-4039.
|
|||||
| CVE-2025-20739 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435340; Issue ID: MSV-4038.
|
|||||
| CVE-2025-20741 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00434422; Issue ID: MSV-3958.
|
|||||
| CVE-2025-20742 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7603, Mt7615 and 7 more | 2025-11-05 | N/A | 8.0 HIGH |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00432680; Issue ID: MSV-3949.
|
|||||
| CVE-2025-20746 | 6 Google, Linuxfoundation, Mediatek and 3 more | 23 Android, Yocto, Mt2718 and 20 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.
|
|||||
| CVE-2025-20747 | 6 Google, Linuxfoundation, Mediatek and 3 more | 23 Android, Yocto, Mt2718 and 20 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010443; Issue ID: MSV-3966.
|
|||||
| CVE-2025-20749 | 2 Google, Mediatek | 19 Android, Mt6789, Mt6835 and 16 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800.
|
|||||
| CVE-2025-9230 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability
could ...
Show More |
|||||
| CVE-2025-53367 | 2025-11-04 | N/A | N/A | ||
|
DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version ...
Show More |
|||||
| CVE-2025-43400 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 6.3 MEDIUM |
|
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.1, tvOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.
|
|||||
| CVE-2025-12204 | 1 Kamailio | 1 Kamailio | 2025-11-04 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This attack requires manipulating config files which might not be a realistic scenario in many cases. ...
Show More |
|||||
| CVE-2024-26811 | 1 Linux | 1 Linux Kernel | 2025-11-04 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate payload size in ipc response
If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc
response to ksmbd kernel server. ksmbd should validate payload size of
ipc response from ksmbd.mountd to avoid memory overrun or
slab-out-of-bounds. This patch validate 3 ipc response that has payload.
|
|||||
| CVE-2024-24246 | 2 Fedoraproject, Qpdf Project | 2 Fedora, Qpdf | 2025-11-04 | N/A | 5.5 MEDIUM |
|
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
|
|||||
| CVE-2024-22667 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-11-04 | N/A | 7.8 HIGH |
|
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
|
|||||
| CVE-2024-0911 | 1 Gnu | 1 Indent | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
|
|||||
| CVE-2023-48107 | 1 Zlib-ng | 1 Minizip-ng | 2025-11-04 | N/A | 8.8 HIGH |
|
Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.
|
|||||
| CVE-2023-43361 | 1 Xiph | 1 Vorbis-tools | 2025-11-04 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
|
|||||
| CVE-2023-38852 | 1 Libxls Project | 1 Libxls | 2025-11-04 | N/A | 6.5 MEDIUM |
|
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.
|
|||||
| CVE-2023-21282 | 1 Google | 1 Android | 2025-11-04 | N/A | 8.8 HIGH |
|
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2023-5367 | 4 Debian, Fedoraproject, Redhat and 1 more | 12 Debian Linux, Fedora, Enterprise Linux and 9 more | 2025-11-04 | N/A | 7.8 HIGH |
|
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
|
|||||
| CVE-2023-4692 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2025-11-04 | N/A | 7.5 HIGH |
|
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
|
|||||
| CVE-2023-46835 | 1 Xen | 1 Xen | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The current setup of the quarantine page tables assumes that the
quarantine domain (dom_io) has been initialized with an address width
of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.
However dom_io being a PV domain gets the AMD-Vi IOMMU page tables
levels based on the maximum (hot pluggable) RAM address, and hence on
systems with no RAM above the 512GB mark only 3 page-table levels are
configured in the IOMMU.
On systems without RAM above the 512GB boundary
amd_iommu_quara ...
Show More |
|||||
| CVE-2023-43785 | 3 Fedoraproject, Redhat, X.org | 3 Fedora, Enterprise Linux, Libx11 | 2025-11-04 | N/A | 6.5 MEDIUM |
|
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
|
|||||
| CVE-2023-42926 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
|
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
|
|||||
| CVE-2023-42912 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
|
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
|
|||||
| CVE-2023-42911 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
|
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
|
|||||
| CVE-2023-42910 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 8.8 HIGH |
|
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
|
|||||
| CVE-2023-42909 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
|
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
|
|||||
| CVE-2023-42908 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
|
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
|
|||||