Total
13026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16928 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2025-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | |||||
| CVE-2022-49804 | 1 Linux | 1 Linux Kernel | 2025-11-07 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global register for current_stack_pointer Commit 30de14b1884b ("s390: current_stack_pointer shouldn't be a function") made current_stack_pointer a global register variable like on many other architectures. Unfortunately on s390 it uncovers old gcc bug which is fixed only since gcc-9.1 [gcc commit 3ad7fed1cc87 ("S/390: Fix PR89775. Stackpointer save/restore instructions removed")] and backported to gcc-8.4 and later. Due to this bug gcc versions prior to 8.4 generate broken code which leads to stack corruptions. Current minimal gcc version required to build the kernel is declared as 5.1. It is not possible to fix all old gcc versions, so work around this problem by avoiding using global register variable for current_stack_pointer. | |||||
| CVE-2025-12602 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2025-11-07 | N/A | 9.8 CRITICAL |
| /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-12603 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2025-11-07 | N/A | 9.8 CRITICAL |
| /etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-2915 | 1 Hdfgroup | 1 Hdf5 | 2025-11-07 | 1.7 LOW | 3.3 LOW |
| A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-21071 | 1 Samsung | 1 Android | 2025-11-07 | N/A | 5.7 MEDIUM |
| Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||||
| CVE-2025-21075 | 1 Samsung | 1 Android | 2025-11-07 | N/A | 4.3 MEDIUM |
| Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. | |||||
| CVE-2025-27374 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2025-11-07 | N/A | 5.3 MEDIUM |
| An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480, 2400. The lack of a length check leads to out-of-bounds writes. | |||||
| CVE-2024-56426 | 1 Samsung | 28 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 25 more | 2025-11-07 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. The lack of a length check leads to out-of-bounds writes via malformed USB packets to the target. | |||||
| CVE-2025-52513 | 1 Samsung | 6 Exynos 1580, Exynos 1580 Firmware, Exynos 2400 and 3 more | 2025-11-07 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service. | |||||
| CVE-2024-5696 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-11-06 | N/A | 8.6 HIGH |
| By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2024-37006 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-06 | N/A | 7.8 HIGH |
| A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. | |||||
| CVE-2025-33133 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2 High Performance Unload Load, Linux On Ibm Z and 2 more | 2025-11-06 | N/A | 6.5 MEDIUM |
| IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due an out of bounds write. | |||||
| CVE-2025-41679 | 1 Mbconnectline | 2 Mbnet.mini, Mbnet.mini Firmware | 2025-11-06 | N/A | 5.3 MEDIUM |
| An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service. | |||||
| CVE-2023-4911 | 6 Canonical, Debian, Fedoraproject and 3 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2025-11-06 | N/A | 7.8 HIGH |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | |||||
| CVE-2021-4034 | 7 Canonical, Oracle, Polkit Project and 4 more | 31 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 28 more | 2025-11-06 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | |||||
| CVE-2024-23225 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-05 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | |||||
| CVE-2024-23296 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-05 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | |||||
| CVE-2025-20727 | 1 Mediatek | 89 Lr12a, Mt2735, Mt2737 and 86 more | 2025-11-05 | N/A | 7.5 HIGH |
| In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623. | |||||
| CVE-2025-27054 | 1 Qualcomm | 598 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 595 more | 2025-11-05 | N/A | 7.8 HIGH |
| Memory corruption while processing a malformed license file during reboot. | |||||