Total
219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9448 | 2025-05-12 | N/A | 7.5 HIGH | ||
| On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations. | |||||
| CVE-2025-43972 | 1 Osrg | 1 Gobgp | 2025-05-08 | N/A | 6.8 MEDIUM |
| An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context. | |||||
| CVE-2025-43970 | 1 Osrg | 1 Gobgp | 2025-05-08 | N/A | 4.3 MEDIUM |
| An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family). | |||||
| CVE-2023-52343 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | N/A | 5.5 MEDIUM |
| In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2022-20445 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.5 HIGH |
| In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-225876506 | |||||
| CVE-2022-36938 | 1 Facebook | 1 Redex | 2025-05-01 | N/A | 9.8 CRITICAL |
| DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. | |||||
| CVE-2021-47251 | 1 Linux | 1 Linux Kernel | 2025-04-30 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: mac80211: fix skb length check in ieee80211_scan_rx() Replace hard-coded compile-time constants for header length check with dynamic determination based on the frame type. Otherwise, we hit a validation WARN_ON in cfg80211 later. [style fixes, reword commit message] | |||||
| CVE-2022-25727 | 1 Qualcomm | 42 Ar8031, Ar8031 Firmware, Csra6620 and 39 more | 2025-04-22 | N/A | 9.8 CRITICAL |
| Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | |||||
| CVE-2021-0934 | 1 Google | 1 Android | 2025-04-22 | N/A | 5.5 MEDIUM |
| In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606 | |||||
| CVE-2022-20491 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556 | |||||
| CVE-2022-20488 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217 | |||||
| CVE-2022-20543 | 1 Google | 1 Android | 2025-04-21 | N/A | 2.3 LOW |
| In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261 | |||||
| CVE-2025-25178 | 2025-04-15 | N/A | 7.8 HIGH | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption. | |||||
| CVE-2022-37312 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | N/A | 5.3 MEDIUM |
| OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. | |||||
| CVE-2022-37311 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | N/A | 5.3 MEDIUM |
| OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. | |||||
| CVE-2009-4488 | 1 Varnish.projects.linpro | 1 Varnish | 2025-04-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely. | |||||
| CVE-2008-2374 | 2 Bluez, Fedoraproject | 3 Bluez-libs, Bluez-utils, Fedora | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. | |||||
| CVE-2008-1440 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2025-04-09 | 7.1 HIGH | N/A |
| Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." | |||||
| CVE-2022-20493 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316 | |||||
| CVE-2024-45351 | 2025-03-27 | N/A | 7.8 HIGH | ||
| A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | |||||