Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13167 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2018-9405 | 1 Google | 1 Android | 2025-07-10 | N/A | 6.7 MEDIUM |
|
In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9373 | 1 Google | 1 Android | 2025-07-10 | N/A | 8.8 HIGH |
|
In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-47124 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47126 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47127 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47129 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47132 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47133 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43594 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-49526 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-49530 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-07-10 | N/A | 7.8 HIGH |
|
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2017-5975 | 2 Debian, Gdraheim | 2 Debian Linux, Zziplib | 2025-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
|
|||||
| CVE-2017-5976 | 2 Debian, Gdraheim | 2 Debian Linux, Zziplib | 2025-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
|
|||||
| CVE-2024-45993 | 1 Giflib Project | 1 Giflib | 2025-07-10 | N/A | 6.5 MEDIUM |
|
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
|
|||||
| CVE-2025-20681 | 2 Mediatek, Openwrt | 7 Mt6890, Mt7615, Mt7622 and 4 more | 2025-07-09 | N/A | 9.8 CRITICAL |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446.
|
|||||
| CVE-2025-20682 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-07-09 | N/A | 9.8 CRITICAL |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416937; Issue ID: MSV-3445.
|
|||||
| CVE-2025-20683 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-07-09 | N/A | 9.8 CRITICAL |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416938; Issue ID: MSV-3444.
|
|||||
| CVE-2025-20684 | 1 Mediatek | 4 Mt7615, Mt7622, Mt7663 and 1 more | 2025-07-09 | N/A | 9.8 CRITICAL |
|
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416939; Issue ID: MSV-3422.
|
|||||
| CVE-2024-42815 | 1 Tp-link | 2 Re365, Re365 Firmware | 2025-07-09 | N/A | 9.8 CRITICAL |
|
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
|
|||||
| CVE-2025-27477 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | N/A | 8.8 HIGH |
|
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-42971 | 2025-07-08 | N/A | 4.0 MEDIUM | ||
|
A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application.
|
|||||
| CVE-2023-50190 | 1 Trimble | 1 Sketchup Viewer | 2025-07-08 | N/A | 7.8 HIGH |
|
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can re ...
Show More |
|||||
| CVE-2025-40580 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | N/A | 6.7 MEDIUM |
|
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow.
This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.
|
|||||
| CVE-2025-40579 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | N/A | 6.7 MEDIUM |
|
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow.
This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.
|
|||||
| CVE-2025-27487 | 1 Microsoft | 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more | 2025-07-07 | N/A | 8.0 HIGH |
|
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2025-6659 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A | 7.8 HIGH |
|
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a ...
Show More |
|||||
| CVE-2024-49538 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-07-07 | N/A | 7.8 HIGH |
|
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2018-9372 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9409 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-43077 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-37377 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-02 | N/A | 7.5 HIGH |
|
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2025-6272 | 1 Wasm3 Project | 1 Wasm3 | 2025-07-02 | 1.7 LOW | 3.3 LOW |
|
A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6654 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-01 | N/A | 7.8 HIGH |
|
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a ...
Show More |
|||||
| CVE-2025-6651 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-01 | N/A | 7.8 HIGH |
|
PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a ...
Show More |
|||||
| CVE-2025-6647 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-01 | N/A | 7.8 HIGH |
|
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a ...
Show More |
|||||
| CVE-2025-0566 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-07-01 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-39890 | 1 Samsung | 38 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 35 more | 2025-07-01 | N/A | 8.1 HIGH |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length specified by the CC (Call Control). This can lead to an Out-of-Bounds write.
|
|||||
| CVE-2024-45185 | 1 Samsung | 18 Exynos 1080 Firmware, Exynos 1280 Firmware, Exynos 1330 Firmware and 15 more | 2025-07-01 | N/A | 5.1 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS protocol.
|
|||||
| CVE-2024-55569 | 1 Samsung | 34 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 31 more | 2025-07-01 | N/A | 7.5 HIGH |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes.
|
|||||