Search Results (21063 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46449 1 Musicpd 1 Music Player Daemon 2025-04-09 7.5 High
An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-51699 1 Linuxfoundation 1 Fluid 2025-04-09 4 Medium
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification or deletion of data. Users who're using versions < 0.9.3 with JuicefsRuntime should upgrade to v0.9.3.
CVE-2025-20656 5 Google, Linuxfoundation, Mediatek and 2 more 20 Android, Yocto, Mt6781 and 17 more 2025-04-09 6.8 Medium
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.
CVE-2025-20658 2 Google, Mediatek 19 Android, Mt2718, Mt6781 and 16 more 2025-04-09 6 Medium
In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.
CVE-2022-40517 1 Qualcomm 362 Aqt1000, Aqt1000 Firmware, Ar8031 and 359 more 2025-04-09 8.4 High
Memory corruption in core due to stack-based buffer overflow
CVE-2022-40516 1 Qualcomm 368 Aqt1000, Aqt1000 Firmware, Ar8031 and 365 more 2025-04-09 8.4 High
Memory corruption in Core due to stack-based buffer overflow.
CVE-2022-33300 1 Qualcomm 102 Qam8295p, Qam8295p Firmware, Qca6174a and 99 more 2025-04-09 8.4 High
Memory corruption in Automotive Android OS due to improper input validation.
CVE-2022-33286 1 Qualcomm 562 Apq8009, Apq8009 Firmware, Apq8017 and 559 more 2025-04-09 7.5 High
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
CVE-2022-33285 1 Qualcomm 556 Apq8009, Apq8009 Firmware, Apq8017 and 553 more 2025-04-09 7.5 High
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
CVE-2022-33284 1 Qualcomm 352 Aqt1000, Aqt1000 Firmware, Ar8035 and 349 more 2025-04-09 8.2 High
Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.
CVE-2022-33283 1 Qualcomm 268 Ar8035, Ar8035 Firmware, Ar9380 and 265 more 2025-04-09 8.2 High
Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.
CVE-2022-33265 1 Qualcomm 6 Qca7500, Qca7500 Firmware, Qca7520 and 3 more 2025-04-09 7.3 High
Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.
CVE-2022-33255 1 Qualcomm 184 Apq8009, Apq8009 Firmware, Ar8031 and 181 more 2025-04-09 8.2 High
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
CVE-2021-46791 1 Amd 2 Milanpi, Milanpi Firmware 2025-04-09 5.5 Medium
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.
CVE-2021-46779 1 Amd 6 Milanpi, Milanpi Firmware, Naplespi and 3 more 2025-04-09 7.1 High
Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.
CVE-2021-26398 1 Amd 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more 2025-04-09 7.8 High
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
CVE-2022-36926 1 Zoom 1 Rooms 2025-04-09 8.8 High
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
CVE-2022-43970 1 Linksys 2 Wrt54gl, Wrt54gl Firmware 2025-04-09 7.2 High
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.
CVE-2022-43971 1 Linksys 2 Wumc710, Wumc710 Firmware 2025-04-09 7.2 High
An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.
CVE-2024-32302 1 Tenda 2 Fh1202, Fh1202 Firmware 2025-04-09 6.3 Medium
Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.