Total
12401 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45183 | 2025-08-05 | N/A | 6.5 MEDIUM | ||
| An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write. | |||||
| CVE-2024-0229 | 3 Fedoraproject, Redhat, X.org | 8 Fedora, Enterprise Linux, Enterprise Linux Aus and 5 more | 2025-08-04 | N/A | 7.8 HIGH |
| An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. | |||||
| CVE-2023-6816 | 4 Debian, Fedoraproject, Redhat and 1 more | 7 Debian Linux, Fedora, Enterprise Linux Desktop and 4 more | 2025-08-04 | N/A | 9.8 CRITICAL |
| A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used. | |||||
| CVE-2023-5367 | 4 Debian, Fedoraproject, Redhat and 1 more | 12 Debian Linux, Fedora, Enterprise Linux and 9 more | 2025-08-04 | N/A | 7.8 HIGH |
| A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. | |||||
| CVE-2025-46715 | 1 Sandboxie-plus | 1 Sandboxie | 2025-08-04 | N/A | 7.8 HIGH |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the SBIE registry entry selected to this address. An attacker can pass in a kernel pointer and the driver dumps the registry key contents we requested to it. This can be triggered by anyone on the system, including low integrity windows processes. Version 1.15.12 fixes the issue. | |||||
| CVE-2020-25412 | 1 Gnuplot | 1 Gnuplot | 2025-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution. | |||||
| CVE-2025-48499 | 2025-08-04 | N/A | 5.3 MEDIUM | ||
| Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition. | |||||
| CVE-2024-20375 | 1 Cisco | 1 Unified Communications Manager | 2025-08-01 | N/A | 8.6 HIGH |
| A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices. | |||||
| CVE-2025-20182 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-08-01 | N/A | 8.6 HIGH |
| A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when processing IKEv2 messages. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition on the affected device. | |||||
| CVE-2025-43237 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 9.8 CRITICAL |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-43209 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-07-31 | N/A | 9.8 CRITICAL |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, visionOS 2.6, macOS Ventura 13.7.7. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-43224 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-07-31 | N/A | 7.1 HIGH |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2025-0143 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Workplace Desktop | 2025-07-31 | N/A | 4.3 MEDIUM |
| Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access. | |||||
| CVE-2025-4422 | 2025-07-31 | N/A | 8.2 HIGH | ||
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | |||||
| CVE-2025-4421 | 2025-07-31 | N/A | 8.2 HIGH | ||
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | |||||
| CVE-2025-0649 | 1 Google | 1 Tensorflow Serving | 2025-07-31 | N/A | 7.5 HIGH |
| Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. | |||||
| CVE-2025-8168 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2025-07-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file /goform/formSetWanPPPoE. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-8169 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2025-07-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-8184 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2025-07-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-1252 | 1 Rti | 1 Connext Professional | 2025-07-31 | N/A | 7.1 HIGH |
| Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*. | |||||