Total
143 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5700 | 2 Mozilla, Redhat | 7 Firefox, Thunderbird, Enterprise Linux and 4 more | 2025-04-04 | 7.0 High |
| Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2024-27829 | 1 Apple | 1 Macos | 2025-02-13 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-27828 | 1 Apple | 6 Ipad Os, Ipados, Iphone Os and 3 more | 2025-02-13 | 7 High |
| The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-21618 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-02-06 | 6.5 Medium |
| An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R2-S2, 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO. | ||||
| CVE-2023-0200 | 1 Nvidia | 2 Bmc, Dgx-2 | 2025-02-04 | 7.5 High |
| NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | ||||
| CVE-2023-25506 | 1 Nvidia | 2 Dgx-1, Sbios | 2025-02-04 | 7.5 High |
| NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. | ||||
| CVE-2024-0154 | 1 Dell | 248 Dss 8440, Dss 8440 Firmware, Emc Xc Core 6420 System and 245 more | 2025-01-31 | 3.8 Low |
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory. | ||||
| CVE-2024-0173 | 1 Dell | 248 Dss 8440, Dss 8440 Firmware, Emc Xc Core 6420 System and 245 more | 2025-01-31 | 3.8 Low |
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory. | ||||
| CVE-2023-22297 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2025-01-27 | 8.2 High |
| Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2023-0103 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 7.5 High |
| If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition. | ||||
| CVE-2024-38304 | 1 Dell | 62 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 59 more | 2024-12-20 | 3.8 Low |
| Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2024-44244 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2024-12-06 | 4.3 Medium |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2024-0074 | 2024-11-21 | 7.1 High | ||
| NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering. | ||||
| CVE-2023-38570 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 5.3 Medium |
| Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-20169 | 1 Cisco | 35 Nexus 3048, Nexus 31108pc-v, Nexus 31108tc-v and 32 more | 2024-11-21 | 7.4 High |
| A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device. | ||||
| CVE-2022-24893 | 1 Espressif | 1 Esp-idf | 2024-11-21 | 7.5 High |
| ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. | ||||
| CVE-2022-1451 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). | ||||
| CVE-2022-0521 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.1 High |
| Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. | ||||
| CVE-2021-45067 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 5.5 Medium |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-44712 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 5.5 Medium |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||