Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3068 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
|
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2017-5949 | 1 Apple | 1 Safari | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm.
|
|||||
| CVE-2017-5957 | 2 Qemu, Virglrenderer Project | 2 Qemu, Virglrenderer | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
|
|||||
| CVE-2017-6891 | 3 Apache, Debian, Gnu | 3 Bookkeeper, Debian Linux, Libtasn1 | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
|
|||||
| CVE-2017-0325 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325.
|
|||||
| CVE-2017-8233 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write.
|
|||||
| CVE-2017-16879 | 1 Gnu | 1 Ncurses | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
|
|||||
| CVE-2017-6440 | 1 Libplist Project | 1 Libplist | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
|
The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.
|
|||||
| CVE-2017-2988 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
|
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2016-2371 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
|
|||||
| CVE-2017-7308 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
|
|||||
| CVE-2015-5237 | 1 Google | 1 Protobuf | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
|
|||||
| CVE-2017-14040 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
|
|||||
| CVE-2016-7538 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
|
|||||
| CVE-2017-3630 | 1 Oracle | 1 Solaris | 2025-04-20 | 4.6 MEDIUM | 5.3 MEDIUM |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible ...
Show More |
|||||
| CVE-2017-5029 | 7 Apple, Debian, Google and 4 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
|
|||||
| CVE-2022-20549 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451
|
|||||
| CVE-2022-20548 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398
|
|||||
| CVE-2022-20539 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425
|
|||||
| CVE-2025-20657 | 2 Google, Mediatek | 14 Android, Mt6765, Mt6768 and 11 more | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.
|
|||||
| CVE-2025-24451 | 1 Adobe | 1 Substance 3d Painter | 2025-04-18 | N/A | 7.8 HIGH |
|
Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-20583 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A
|
|||||
| CVE-2022-20582 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A
|
|||||
| CVE-2022-20580 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A
|
|||||
| CVE-2022-20579 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A
|
|||||
| CVE-2022-20578 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A
|
|||||
| CVE-2022-20577 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A
|
|||||
| CVE-2022-20576 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A
|
|||||
| CVE-2025-24450 | 1 Adobe | 1 Substance 3d Painter | 2025-04-18 | N/A | 7.8 HIGH |
|
Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-27182 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-04-18 | N/A | 7.8 HIGH |
|
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-27183 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-04-18 | N/A | 7.8 HIGH |
|
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-32615 | 1 Hdfgroup | 1 Hdf5 | 2025-04-18 | N/A | 9.8 CRITICAL |
|
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.
|
|||||
| CVE-2022-42511 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762712References: N/A
|
|||||
| CVE-2022-42509 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241544307References: N/A
|
|||||
| CVE-2022-42504 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232209References: N/A
|
|||||
| CVE-2022-42503 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231983References: N/A
|
|||||
| CVE-2022-42502 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A
|
|||||
| CVE-2022-42501 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A
|
|||||
| CVE-2022-20607 | 1 Google | 1 Android | 2025-04-18 | N/A | 8.8 HIGH |
|
In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A
|
|||||
| CVE-2022-20603 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.2 HIGH |
|
In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219265339References: N/A
|
|||||