Export limit exceeded: 352825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4675 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43556 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | 7.8 High |
| Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-22078 | 1 Qualcomm | 134 Aqt1000, Aqt1000 Firmware, Ar8035 and 131 more | 2025-05-15 | 4.6 Medium |
| Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||||
| CVE-2022-39105 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | 5.5 Medium |
| In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-3165 | 3 Fedoraproject, Qemu, Redhat | 3 Fedora, Qemu, Enterprise Linux | 2025-05-14 | 6.5 Medium |
| An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. | ||||
| CVE-2023-47996 | 1 Freeimage Project | 1 Freeimage | 2025-05-14 | 6.5 Medium |
| An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service. | ||||
| CVE-2024-49112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-13 | 9.8 Critical |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||||
| CVE-2024-49078 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-05-13 | 6.8 Medium |
| Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-49077 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-05-13 | 6.8 Medium |
| Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-49103 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-05-13 | 4.3 Medium |
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | ||||
| CVE-2024-49089 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-13 | 7.2 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-49085 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-05-13 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2016-1000340 | 2 Bouncycastle, Redhat | 4 Bc-java, Jboss Fuse, Satellite and 1 more | 2025-05-12 | N/A |
| In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. | ||||
| CVE-2024-50016 | 2025-05-10 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-21379 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-05-09 | 7.8 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2024-21350 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-09 | 8.8 High |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2025-43971 | 1 Osrg | 1 Gobgp | 2025-05-08 | 8.6 High |
| An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen. | ||||
| CVE-2025-43973 | 1 Osrg | 1 Gobgp | 2025-05-08 | 6.8 Medium |
| An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message. | ||||
| CVE-2022-37454 | 9 Debian, Extended Keccak Code Package Project, Fedoraproject and 6 more | 9 Debian Linux, Extended Keccak Code Package, Fedora and 6 more | 2025-05-08 | 9.8 Critical |
| The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | ||||
| CVE-2024-21105 | 1 Oracle | 2 Solaris, Solaris Operating System | 2025-05-08 | 2 Low |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N). | ||||
| CVE-2025-29912 | 1 Nasa | 1 Cryptolib | 2025-05-07 | 9.8 Critical |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the `Crypto_TC_ProcessSecurity` function of CryptoLib leads to a heap buffer overflow. The vulnerability is triggered when the `fl` (frame length) field in a Telecommand (TC) packet is set to 0. This underflow causes the frame length to be interpreted as 65535, resulting in out-of-bounds memory access. This critical vulnerability can be exploited to cause a denial of service (DoS) or potentially achieve remote code execution. Users of CryptoLib are advised to apply the recommended patch or avoid processing untrusted TC packets until a fix is available. | ||||