Search Results (46415 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-51094 1 Snipeitapp 1 Snipe-it 2025-05-22 8 High
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
CVE-2020-36521 1 Apple 7 Icloud, Ipados, Iphone Os and 4 more 2025-05-22 7.1 High
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
CVE-2022-32853 1 Apple 2 Mac Os X, Macos 2025-05-22 7.1 High
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
CVE-2022-32851 1 Apple 2 Mac Os X, Macos 2025-05-22 7.1 High
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
CVE-2022-32847 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2025-05-22 9.1 Critical
This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2022-32842 1 Apple 2 Mac Os X, Macos 2025-05-22 7.8 High
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges.
CVE-2022-32841 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-22 5.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory.
CVE-2022-32831 1 Apple 2 Mac Os X, Macos 2025-05-22 7.1 High
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
CVE-2022-32799 1 Apple 2 Mac Os X, Macos 2025-05-22 5.9 Medium
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.
CVE-2022-22629 2 Apple, Redhat 9 Ipados, Iphone Os, Itunes and 6 more 2025-05-22 8.8 High
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-0080 1 Mruby 1 Mruby 2025-05-22 8.2 High
mruby is vulnerable to Heap-based Buffer Overflow
CVE-2022-3296 2 Fedoraproject, Vim 2 Fedora, Vim 2025-05-22 7.8 High
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
CVE-2022-21169 1 Express Xss Sanitizer Project 1 Express Xss Sanitizer 2025-05-21 7.3 High
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.
CVE-2025-1178 2 Gnu, Netapp 3 Binutils, Active Iq Unified Manager, Ontap Select Deploy Administration Utility 2025-05-21 5.6 Medium
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.
CVE-2025-1180 1 Gnu 1 Binutils 2025-05-21 3.1 Low
A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVE-2025-1181 2 Gnu, Netapp 3 Binutils, Active Iq Unified Manager, Ontap Select Deploy Administration Utility 2025-05-21 5 Medium
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.
CVE-2025-1182 1 Gnu 1 Binutils 2025-05-21 5 Medium
A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.
CVE-2024-48710 1 Tp-link 2 Tl-wdr7660, Tl-wdr7660 Firmware 2025-05-21 6.5 Medium
In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.
CVE-2024-48712 1 Tp-link 2 Tl-wdr7660, Tl-wdr7660 Firmware 2025-05-21 6.5 Medium
In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.
CVE-2024-48713 1 Tp-link 2 Tl-wdr7660, Tl-wdr7660 Firmware 2025-05-21 6.5 Medium
In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.