Total
11674 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9175 | 1 Neurobin | 1 Shc | 2025-09-11 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | |||||
| CVE-2025-9001 | 1 Lemonos | 1 Lemonos | 2025-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9019 | 1 Broadcom | 1 Tcpreplay | 2025-09-11 | 2.6 LOW | 3.1 LOW |
| A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2." | |||||
| CVE-2025-57807 | 1 Imagemagick | 1 Imagemagick | 2025-09-10 | N/A | 3.8 LOW |
| ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2. | |||||
| CVE-2025-58050 | 1 Pcre | 1 Pcre2 | 2025-09-09 | N/A | 9.1 CRITICAL |
| The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46. | |||||
| CVE-2025-32316 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0010 | 2025-09-08 | N/A | 6.1 MEDIUM | ||
| An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability. | |||||
| CVE-2025-0034 | 2025-09-08 | N/A | 4.7 MEDIUM | ||
| Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service. | |||||
| CVE-2021-26383 | 2025-09-08 | N/A | 7.9 HIGH | ||
| Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability. | |||||
| CVE-2024-7254 | 2 Google, Netapp | 8 Protobuf, Protobuf-java, Protobuf-javalite and 5 more | 2025-09-08 | N/A | 7.5 HIGH |
| Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. | |||||
| CVE-2023-50572 | 1 Jline | 1 Jline | 2025-09-05 | N/A | 5.5 MEDIUM |
| An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | |||||
| CVE-2025-9732 | 1 Offis | 1 Dcmtk | 2025-09-05 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2025-48540 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49739 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21475 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 8.0 HIGH |
| Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-21476 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 8.0 HIGH |
| Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2024-56190 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36887 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36897 | 1 Google | 1 Android | 2025-09-05 | N/A | 9.8 CRITICAL |
| In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36903 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||