Export limit exceeded: 19963 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19963 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26328 | 1 Qemu | 1 Qemu | 2025-05-07 | 6 Medium |
| An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. | ||||
| CVE-2024-26327 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2025-05-07 | 5.3 Medium |
| An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. | ||||
| CVE-2024-31002 | 2 Axiosys, Bento4 | 2 Bento4, Bento4 | 2025-05-07 | 9.8 Critical |
| Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. | ||||
| CVE-2024-0166 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | ||||
| CVE-2024-0170 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | ||||
| CVE-2024-0167 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges. | ||||
| CVE-2024-0165 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | ||||
| CVE-2022-32925 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-05-06 | 7.1 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2022-32866 | 1 Apple | 3 Macos, Tvos, Watchos | 2025-05-06 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32865 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32827 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | 5.5 Medium |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. | ||||
| CVE-2025-30216 | 1 Nasa | 1 Cryptolib | 2025-05-06 | 9.4 Critical |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f. | ||||
| CVE-2022-40741 | 1 Softnext | 1 Mail Sqr Expert | 2025-05-06 | 9.8 Critical |
| Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service. | ||||
| CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2022-44079 | 1 Pycdc Project | 1 Pycdc | 2025-05-06 | 5.5 Medium |
| pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. | ||||
| CVE-2022-43152 | 1 Tsmuxer Project | 1 Tsmuxer | 2025-05-06 | 5.5 Medium |
| tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h. | ||||
| CVE-2022-43148 | 1 Rtf2html Project | 1 Rtf2html | 2025-05-06 | 5.5 Medium |
| rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h. | ||||
| CVE-2022-32932 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-05-06 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2018-18600 | 1 Guardzilla | 4 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 1 more | 2025-05-06 | 8.1 High |
| The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. | ||||