Total
11880 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20632 | 1 Mediatek | 8 Mt7615, Mt7622, Mt7663 and 5 more | 2025-04-22 | N/A | 7.8 HIGH |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188. | |||||
| CVE-2025-20631 | 1 Mediatek | 8 Mt7615, Mt7622, Mt7663 and 5 more | 2025-04-22 | N/A | 7.8 HIGH |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187. | |||||
| CVE-2024-20148 | 3 Google, Linuxfoundation, Mediatek | 18 Android, Yocto, Mt3603 and 15 more | 2025-04-22 | N/A | 9.8 CRITICAL |
| In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796. | |||||
| CVE-2024-20146 | 4 Google, Linuxfoundation, Mediatek and 1 more | 30 Android, Yocto, Mt2737 and 27 more | 2025-04-22 | N/A | 8.1 HIGH |
| In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835. | |||||
| CVE-2024-20145 | 5 Google, Linuxfoundation, Mediatek and 2 more | 22 Android, Yocto, Mt2737 and 19 more | 2025-04-22 | N/A | 6.6 MEDIUM |
| In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040. | |||||
| CVE-2024-20144 | 5 Google, Linuxfoundation, Mediatek and 2 more | 36 Android, Yocto, Mt2737 and 33 more | 2025-04-22 | N/A | 6.6 MEDIUM |
| In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041. | |||||
| CVE-2024-20143 | 5 Google, Linuxfoundation, Mediatek and 2 more | 24 Android, Yocto, Mt2737 and 21 more | 2025-04-22 | N/A | 6.6 MEDIUM |
| In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069. | |||||
| CVE-2024-20140 | 3 Google, Linuxfoundation, Mediatek | 13 Android, Yocto, Mt6739 and 10 more | 2025-04-22 | N/A | 6.7 MEDIUM |
| In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020. | |||||
| CVE-2024-20105 | 2 Google, Mediatek | 26 Android, Mt6580, Mt6739 and 23 more | 2025-04-22 | N/A | 6.7 MEDIUM |
| In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743. | |||||
| CVE-2025-20645 | 2 Google, Mediatek | 15 Android, Mt6765, Mt6768 and 12 more | 2025-04-22 | N/A | 7.8 HIGH |
| In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599. | |||||
| CVE-2025-20646 | 1 Mediatek | 6 Mt6890, Mt7915, Mt7916 and 3 more | 2025-04-22 | N/A | 9.8 CRITICAL |
| In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803. | |||||
| CVE-2025-20650 | 5 Google, Linuxfoundation, Mediatek and 2 more | 25 Android, Yocto, Mt2737 and 22 more | 2025-04-22 | N/A | 6.8 MEDIUM |
| In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061. | |||||
| CVE-2022-45685 | 2 Debian, Jettison Project | 2 Debian Linux, Jettison | 2025-04-22 | N/A | 7.5 HIGH |
| A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. | |||||
| CVE-2022-44874 | 1 Wasm3 Project | 1 Wasm3 | 2025-04-22 | N/A | 5.5 MEDIUM |
| wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h. | |||||
| CVE-2022-45688 | 2 Hutool, Json-java Project | 2 Hutool, Json-java | 2025-04-22 | N/A | 7.5 HIGH |
| A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | |||||
| CVE-2022-44910 | 1 Quarkslab | 1 Binbloom | 2025-04-22 | N/A | 7.8 HIGH |
| Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c. | |||||
| CVE-2022-42820 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2022-32860 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 6.7 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-42842 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution. | |||||