CVE-2026-22214

Summary: RIOT OS

CVE-2026-22214 RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in ethos Serial Frame Parser

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the handlechar function, where incoming frame bytes are appended t...

PT-2026-2128

Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3 Description CryptoLib is a software solution that uses the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft and a ground station. Prior to...

CVE-2018-4365

An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1...

CVE-2018-4308

An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14...

CVE-2018-4203

An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...

CVE-2010-0056

Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted document...

CVE-2022-42827

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...

CVE-2022-26698

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of proce...

CVE-2022-26739

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges...

CVE-2022-26763

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with syst...

CVE-2019-11120

Insufficient path checking in the installer for IntelR Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2020-10539

An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user aka a...

CVE-2024-41588

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function...

CVE-2023-43530

Memory corruption in HLOS while checking for the storage type...

CVE-2023-49927

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not...

CVE-2022-33226

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications...

CVE-2023-45842

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the mxsldr...

Supporting Secured Integration of Microarchitectural Defenses

There has been a plethora of microarchitectural-level attacks leading to many proposed countermeasures. This has created an unexpected and unaddressed security issue where naive integration of those defenses can potentially lead to security vulnerabilities. This occurs when one defense changes an...

CVE-2019-12804

In Hunesion i-oneNet version 3.0.7 3.0.53 and 4.0.4 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update...