Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33147 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2025-05-05 | 2.1 LOW | 5.5 MEDIUM |
| Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33139 | 1 Intel | 32 Ac3168, Ac3168 Firmware, Ac 1550 and 29 more | 2025-05-05 | 2.7 LOW | 5.7 MEDIUM |
| Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-32871 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2737 and 60 more | 2025-05-05 | N/A | 5.3 MEDIUM |
| In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. | |||||
| CVE-2024-42160 | 1 Linux | 1 Linux Kernel | 2025-05-02 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code. | |||||
| CVE-2022-20426 | 1 Google | 1 Android | 2025-05-01 | N/A | 5.5 MEDIUM |
| In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-236263294 | |||||
| CVE-2024-43435 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 5.3 MEDIUM |
| A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary. | |||||
| CVE-2024-50602 | 2025-04-30 | N/A | 5.9 MEDIUM | ||
| An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | |||||
| CVE-2022-29278 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 8.2 HIGH |
| Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061 | |||||
| CVE-2021-47227 | 1 Linux | 1 Linux Kernel | 2025-04-29 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entirely invalid state on which XRSTOR will #GP. validate_user_xstate_header() can detect some of that corruption, but that leaves the onus on callers to clear the buffer. Prior to XSAVES support, it was possible just to reinitialize the buffer, completely, but with supervisor states that is not longer possible as the buffer clearing code split got it backwards. Fixing that is possible but not corrupting the state in the first place is more robust. Avoid corruption of the kernel XSAVE buffer by using copy_user_to_xstate() which validates the XSAVE header contents before copying the actual states to the kernel. copy_user_to_xstate() was previously only called for compacted-format kernel buffers, but it works for both compacted and non-compacted forms. Using it for the non-compacted form is slower because of multiple __copy_from_user() operations, but that cost is less important than robust code in an already slow path. [ Changelog polished by Dave Hansen ] | |||||
| CVE-2024-4367 | 3 Debian, Mozilla, Open-xchange | 4 Debian Linux, Firefox, Thunderbird and 1 more | 2025-04-24 | N/A | 8.8 HIGH |
| A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | |||||
| CVE-2024-20037 | 2 Google, Mediatek | 31 Android, Mt6739, Mt6761 and 28 more | 2025-04-22 | N/A | 6.7 MEDIUM |
| In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937. | |||||
| CVE-2022-47111 | 2025-04-21 | N/A | 2.5 LOW | ||
| 7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected. | |||||
| CVE-2022-47112 | 2025-04-21 | N/A | 2.5 LOW | ||
| 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected. | |||||
| CVE-2017-17085 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. | |||||
| CVE-2017-17044 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | |||||
| CVE-2017-0610 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852. | |||||
| CVE-2017-17815 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts. | |||||
| CVE-2017-13142 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. | |||||
| CVE-2017-10894 | 1 Streamrelay | 1 Streamrelay | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2017-10895 | 1 Sdnsproxy Project | 1 Sdnsproxy | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | |||||