Filtered by vendor
Subscriptions
Total
196 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-46393 | 1 Imagemagick | 1 Imagemagick | 2025-04-29 | 2.9 Low |
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). | ||||
CVE-2022-32630 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2025-04-24 | 6.7 Medium |
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966. | ||||
CVE-2022-32624 | 2 Google, Mediatek | 8 Android, Mt6789, Mt6855 and 5 more | 2025-04-24 | 6.7 Medium |
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923. | ||||
CVE-2022-39377 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-04-22 | 7 High |
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | ||||
CVE-2022-41885 | 1 Google | 1 Tensorflow | 2025-04-22 | 4.8 Medium |
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | ||||
CVE-2022-41886 | 1 Google | 1 Tensorflow | 2025-04-22 | 4.8 Medium |
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | ||||
CVE-2022-41887 | 1 Google | 1 Tensorflow | 2025-04-22 | 4.8 Medium |
TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. | ||||
CVE-2022-41907 | 1 Google | 1 Tensorflow | 2025-04-22 | 4.8 Medium |
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | ||||
CVE-2017-0569 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666. | ||||
CVE-2017-0166 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-04-20 | N/A |
An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability." | ||||
CVE-2016-9011 | 1 Wvware | 1 Libwmf | 2025-04-20 | N/A |
The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure. | ||||
CVE-2016-8687 | 2 Libarchive, Opensuse | 2 Libarchive, Leap | 2025-04-20 | N/A |
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. | ||||
CVE-2017-14934 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | ||||
CVE-2017-17760 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2025-04-20 | 6.5 Medium |
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. | ||||
CVE-2014-9984 | 1 Gnu | 1 Glibc | 2025-04-20 | N/A |
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | ||||
CVE-2017-0715 | 1 Google | 1 Android | 2025-04-20 | N/A |
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372. | ||||
CVE-2016-8688 | 2 Libarchive, Opensuse | 2 Libarchive, Leap | 2025-04-20 | N/A |
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. | ||||
CVE-2015-5237 | 1 Google | 1 Protobuf | 2025-04-20 | 8.8 High |
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. | ||||
CVE-2017-0620 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | N/A |
An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711. | ||||
CVE-2015-7975 | 1 Ntp | 1 Ntp | 2025-04-20 | N/A |
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). |