Export limit exceeded: 20268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22613 | 1 Insyde | 1 Insydeh2o | 2025-02-11 | 8.8 High |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. | ||||
| CVE-2021-46879 | 1 Treasuredata | 1 Fluent Bit | 2025-02-11 | 7.8 High |
| An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system. | ||||
| CVE-2023-27718 | 1 Dlink | 2 Dir878, Dir878 Firmware | 2025-02-11 | 9.8 Critical |
| D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2025-21161 | 2025-02-11 | 7.8 High | ||
| Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-26482 | 1 Nextcloud | 1 Nextcloud Server | 2025-02-11 | 9.1 Critical |
| Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation. | ||||
| CVE-2023-22612 | 1 Insyde | 1 Insydeh2o | 2025-02-11 | 8.8 High |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM. | ||||
| CVE-2022-42858 | 1 Apple | 1 Macos | 2025-02-11 | 7.8 High |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges | ||||
| CVE-2024-2448 | 2 Kemptechnologies, Progress | 2 Loadmaster, Loadmaster | 2025-02-11 | 8.4 High |
| An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. | ||||
| CVE-2024-45720 | 2 Apache, Microsoft | 2 Subversion, Windows | 2025-02-11 | 8.2 High |
| On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. | ||||
| CVE-2022-46709 | 1 Apple | 1 Iphone Os | 2025-02-11 | 9.8 Critical |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges | ||||
| CVE-2023-0186 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2025-02-11 | 6.1 Medium |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering. | ||||
| CVE-2023-0208 | 2 Linux, Nvidia | 2 Linux Kernel, Data Center Gpu Manager | 2025-02-11 | 8.4 High |
| NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. | ||||
| CVE-2023-0182 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2025-02-11 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering. | ||||
| CVE-2023-26554 | 1 Ntp | 1 Ntp | 2025-02-11 | 5.6 Medium |
| mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||||
| CVE-2023-26553 | 1 Ntp | 1 Ntp | 2025-02-11 | 5.6 Medium |
| mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||||
| CVE-2023-26552 | 1 Ntp | 1 Ntp | 2025-02-11 | 5.6 Medium |
| mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||||
| CVE-2023-26551 | 1 Ntp | 1 Ntp | 2025-02-11 | 5.6 Medium |
| mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||||
| CVE-2023-26064 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2025-02-11 | 9.8 Critical |
| Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. | ||||
| CVE-2024-12695 | 1 Google | 1 Chrome | 2025-02-11 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-0977 | 3 Linux, Microsoft, Trellix | 3 Linux Kernel, Windows, Agent | 2025-02-11 | 6.7 Medium |
| A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. | ||||