Total
525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53359 | 2025-07-03 | N/A | N/A | ||
| ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is not a security issue and not as high of a risk if the ethereum crate is used on a single-implementation blockchain. This issue has been patched in version v0.18.0. A workaround for this issue involves manually checking transaction malleability outside of the crate, however upgrading is recommended. | |||||
| CVE-2023-28910 | 2025-06-30 | N/A | 8.0 HIGH | ||
| A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | |||||
| CVE-2025-1718 | 2025-06-26 | N/A | 6.5 MEDIUM | ||
| An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management. | |||||
| CVE-2025-0129 | 2025-06-13 | N/A | N/A | ||
| An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions. | |||||
| CVE-2024-35421 | 1 Lonelycoder | 1 Vmir | 2025-06-05 | N/A | 5.5 MEDIUM |
| vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-35424 | 1 Lonelycoder | 1 Vmir | 2025-06-05 | N/A | 5.5 MEDIUM |
| vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-35427 | 1 Lonelycoder | 1 Vmir | 2025-06-05 | N/A | 5.5 MEDIUM |
| vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-28036 | 2025-05-16 | N/A | 5.6 MEDIUM | ||
| Improper conditions check for some Intel(R) Arcâ„¢ GPU may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-22848 | 2025-05-16 | N/A | 3.5 LOW | ||
| Improper conditions check for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2022-41587 | 1 Huawei | 1 Emui | 2025-05-14 | N/A | 5.3 MEDIUM |
| Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. | |||||
| CVE-2024-4182 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status. | |||||
| CVE-2023-52534 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | N/A | 5.9 MEDIUM |
| In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed | |||||
| CVE-2022-21737 | 1 Google | 1 Tensorflow | 2025-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2021-33147 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2025-05-05 | 2.1 LOW | 5.5 MEDIUM |
| Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33139 | 1 Intel | 32 Ac3168, Ac3168 Firmware, Ac 1550 and 29 more | 2025-05-05 | 2.7 LOW | 5.7 MEDIUM |
| Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-32871 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2737 and 60 more | 2025-05-05 | N/A | 5.3 MEDIUM |
| In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. | |||||
| CVE-2022-20426 | 1 Google | 1 Android | 2025-05-01 | N/A | 5.5 MEDIUM |
| In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-236263294 | |||||
| CVE-2024-43435 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 5.3 MEDIUM |
| A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary. | |||||
| CVE-2022-29278 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 8.2 HIGH |
| Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061 | |||||
| CVE-2021-47227 | 1 Linux | 1 Linux Kernel | 2025-04-29 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entirely invalid state on which XRSTOR will #GP. validate_user_xstate_header() can detect some of that corruption, but that leaves the onus on callers to clear the buffer. Prior to XSAVES support, it was possible just to reinitialize the buffer, completely, but with supervisor states that is not longer possible as the buffer clearing code split got it backwards. Fixing that is possible but not corrupting the state in the first place is more robust. Avoid corruption of the kernel XSAVE buffer by using copy_user_to_xstate() which validates the XSAVE header contents before copying the actual states to the kernel. copy_user_to_xstate() was previously only called for compacted-format kernel buffers, but it works for both compacted and non-compacted forms. Using it for the non-compacted form is slower because of multiple __copy_from_user() operations, but that cost is less important than robust code in an already slow path. [ Changelog polished by Dave Hansen ] | |||||