Total
13377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44321 | 1 Picoc Project | 1 Picoc | 2025-05-01 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. | |||||
| CVE-2022-44320 | 1 Picoc Project | 1 Picoc | 2025-05-01 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall. | |||||
| CVE-2022-44316 | 1 Picoc Project | 1 Picoc | 2025-05-01 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken. | |||||
| CVE-2022-44315 | 1 Picoc Project | 1 Picoc | 2025-05-01 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. | |||||
| CVE-2022-44314 | 1 Picoc Project | 1 Picoc | 2025-05-01 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. | |||||
| CVE-2022-44313 | 1 Picoc Project | 1 Picoc | 2025-05-01 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. | |||||
| CVE-2021-40226 | 1 Glyphandcog | 1 Xpdfreader | 2025-05-01 | N/A | 7.5 HIGH |
| xpdfreader 4.03 is vulnerable to Buffer Overflow. | |||||
| CVE-2022-20462 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.8 HIGH |
| In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230356196 | |||||
| CVE-2021-39661 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.8 HIGH |
| In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-246824784 | |||||
| CVE-2021-1050 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.8 HIGH |
| In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-243825200 | |||||
| CVE-2021-39275 | 6 Apache, Debian, Fedoraproject and 3 more | 11 Http Server, Debian Linux, Fedora and 8 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2021-44790 | 7 Apache, Apple, Debian and 4 more | 14 Http Server, Mac Os X, Macos and 11 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | |||||
| CVE-2022-23943 | 4 Apache, Debian, Fedoraproject and 1 more | 5 Http Server, Debian Linux, Fedora and 2 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | |||||
| CVE-2022-44318 | 1 Picoc Project | 1 Picoc | 2025-05-01 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall. | |||||
| CVE-2022-44317 | 1 Picoc Project | 1 Picoc | 2025-05-01 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. | |||||
| CVE-2022-43294 | 1 Tasmota Project | 1 Tasmota | 2025-04-30 | N/A | 9.8 CRITICAL |
| Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp. | |||||
| CVE-2022-32266 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 6.4 MEDIUM |
| DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. | |||||
| CVE-2022-43071 | 1 Xpdfreader | 1 Xpdf | 2025-04-30 | N/A | 5.5 MEDIUM |
| A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2024-49200 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 6.4 MEDIUM |
| An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This can be leveraged by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution. The issue has been fixed in kernel 5.2, Version 05.29.44; kernel 5.3, Version 05.38.44; kernel 5.4, Version 05.46.44; kernel 5.5, Version 05.54.44; kernel 5.6, Version 05.61.44; and kernel 5.7, Version 05.70.44. | |||||
| CVE-2024-20057 | 2 Google, Mediatek | 38 Android, Mt6761, Mt6765 and 35 more | 2025-04-30 | N/A | 7.2 HIGH |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. | |||||