Total
12282 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-30369 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | N/A | 9.8 CRITICAL |
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. | |||||
CVE-2023-30368 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-04 | N/A | 9.8 CRITICAL |
Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. | |||||
CVE-2023-30414 | 1 Jerryscript | 1 Jerryscript | 2025-02-04 | N/A | 5.5 MEDIUM |
Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. | |||||
CVE-2023-30373 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | N/A | 9.8 CRITICAL |
In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. | |||||
CVE-2023-30372 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | N/A | 9.8 CRITICAL |
In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. | |||||
CVE-2023-24819 | 1 Riot-os | 1 Riot | 2025-02-04 | N/A | 9.8 CRITICAL |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | |||||
CVE-2020-16010 | 1 Google | 2 Android, Chrome | 2025-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2019-5825 | 1 Google | 1 Chrome | 2025-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2023-20869 | 1 Vmware | 2 Fusion, Workstation | 2025-02-04 | N/A | 8.2 HIGH |
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | |||||
CVE-2024-32039 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-02-04 | N/A | 9.8 CRITICAL |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). | |||||
CVE-2024-22448 | 1 Dell | 536 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 533 more | 2025-02-04 | N/A | 4.7 MEDIUM |
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | |||||
CVE-2024-25942 | 1 Dell | 50 Nx3230, Nx3230 Firmware, Nx3330 and 47 more | 2025-02-04 | N/A | 4.4 MEDIUM |
Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | |||||
CVE-2024-22453 | 1 Dell | 50 Nx3230, Nx3230 Firmware, Nx3330 and 47 more | 2025-02-04 | N/A | 7.2 HIGH |
Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory. | |||||
CVE-2024-0162 | 1 Dell | 116 Emc Xc Core Xc450, Emc Xc Core Xc450 Firmware, Emc Xc Core Xc650 and 113 more | 2025-02-04 | N/A | 5.3 MEDIUM |
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM. | |||||
CVE-2024-32855 | 1 Dell | 148 Inspiron 3480, Inspiron 3480 Firmware, Inspiron 3580 and 145 more | 2025-02-04 | N/A | 3.8 LOW |
Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | |||||
CVE-2023-2241 | 1 Podofo Project | 1 Podofo | 2025-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | |||||
CVE-2023-29578 | 1 Mp4v2 Project | 1 Mp4v2 | 2025-02-04 | N/A | 8.8 HIGH |
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. | |||||
CVE-2023-20872 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2025-02-04 | N/A | 8.8 HIGH |
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | |||||
CVE-2025-20639 | 2 Google, Mediatek | 44 Android, Mt6739, Mt6761 and 41 more | 2025-02-04 | N/A | 6.6 MEDIUM |
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060. | |||||
CVE-2025-20641 | 2 Google, Mediatek | 44 Android, Mt6739, Mt6761 and 41 more | 2025-02-04 | N/A | 6.6 MEDIUM |
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058. |