Search Results (45925 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-27008 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2025-12-01 7.8 High
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVE-2018-1109 2 Braces Project, Redhat 2 Braces, Quay 2025-12-01 5.3 Medium
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
CVE-2025-36134 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-12-01 3.7 Low
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
CVE-2024-22051 2 Github, Gjtorikian 2 Cmark-gfm, Commonmarker 2025-11-29 9.8 Critical
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
CVE-2024-53020 1 Qualcomm 468 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 465 more 2025-11-28 8.2 High
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2025-52584 1 Ashlar 5 Argon, Cobalt, Cobalt Share and 2 more 2025-11-28 7.8 High
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2025-46269 1 Ashlar 5 Argon, Cobalt, Cobalt Share and 2 more 2025-11-28 7.8 High
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2025-41392 1 Ashlar 5 Argon, Cobalt, Cobalt Share and 2 more 2025-11-28 7.8 High
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2025-21465 1 Qualcomm 699 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 696 more 2025-11-28 6.5 Medium
Information disclosure while processing the hash segment in an MBN file.
CVE-2025-21464 1 Qualcomm 685 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 682 more 2025-11-28 6.5 Medium
Information disclosure while reading data from an image using specified offset and size parameters.
CVE-2025-21463 1 Qualcomm 422 Ar8035, Ar8035 Firmware, Csr8811 and 419 more 2025-11-28 7.5 High
Transient DOS while processing the EHT operation IE in the received beacon frame.
CVE-2024-53026 1 Qualcomm 468 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 465 more 2025-11-28 8.2 High
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-53021 1 Qualcomm 450 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 447 more 2025-11-28 8.2 High
Information disclosure may occur while processing goodbye RTCP packet from network.
CVE-2025-21487 1 Qualcomm 455 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 452 more 2025-11-28 8.2 High
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
CVE-2025-47318 1 Qualcomm 407 Apq8017, Apq8017 Firmware, Apq8064au and 404 more 2025-11-28 7.5 High
Transient DOS while parsing the EPTM test control message to get the test pattern.
CVE-2025-21488 1 Qualcomm 217 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 214 more 2025-11-28 8.2 High
Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2024-36340 1 Amd 1 Uprof 2025-11-26 6.6 Medium
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
CVE-2025-48502 1 Amd 1 Uprof 2025-11-26 5.5 Medium
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.
CVE-2025-48511 1 Amd 1 Uprof 2025-11-26 5.5 Medium
Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
CVE-2025-64720 1 Libpng 1 Libpng 2025-11-26 7.1 High
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.