Total
12653 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0034 | 2025-09-06 | N/A | 4.7 MEDIUM | ||
| Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service. | |||||
| CVE-2025-0010 | 2025-09-06 | N/A | 6.1 MEDIUM | ||
| An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability. | |||||
| CVE-2021-26383 | 2025-09-06 | N/A | 7.9 HIGH | ||
| Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability. | |||||
| CVE-2025-57807 | 2025-09-05 | N/A | 3.8 LOW | ||
| ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2. | |||||
| CVE-2023-50572 | 1 Jline | 1 Jline | 2025-09-05 | N/A | 5.5 MEDIUM |
| An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | |||||
| CVE-2025-9732 | 1 Offis | 1 Dcmtk | 2025-09-05 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2025-48540 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49739 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32316 | 2025-09-05 | N/A | 5.5 MEDIUM | ||
| In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21475 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 8.0 HIGH |
| Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-21476 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 8.0 HIGH |
| Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2024-56189 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.5 HIGH |
| In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56190 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36887 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36897 | 1 Google | 1 Android | 2025-09-05 | N/A | 9.8 CRITICAL |
| In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36903 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36907 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.3 HIGH |
| In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-36908 | 1 Google | 1 Android | 2025-09-05 | N/A | 6.7 MEDIUM |
| In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-52531 | 1 Gnome | 1 Libsoup | 2025-09-04 | N/A | 6.5 MEDIUM |
| GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response). | |||||
| CVE-2025-9748 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote. | |||||