Chromium: CVE-2025-5283 Use after free in libvpx
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5281 Inappropriate implementation in BFCache
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5065 Inappropriate implementation in FileSystemAccess API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5064 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5280 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5063 Use after free in Compositing
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
...
Rpm-ostree: world-readable /etc/shadow file
...
Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
...
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
...
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
...
PyTorch torch.mkldnn_max_pool2d denial of service
...
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.
...
Integer overflow in PeCoffLoaderRelocateImage
...
Secrets leakage to telemetry endpoint via cache backend configuration via buildx
...
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
...
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.
...
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
...
iniparser v4.1 is vulnerable to a NULL pointer dereference in the function iniparser_getlongint, which does not check for a NULL return value from iniparser_getstring.
...
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an authorized attacker to elevate privileges locally...
Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild...
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.
...
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c.
...
An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.
...
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
...
Pcp: pmpost symlink attack allows escalating pcp to root user
...
Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)
...
Regular Expression Denial of Service (ReDoS)
...
OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.
...
NULL pointer dereference on specially crafted HTTP/2 request
...
Pcp: pmcd heap corruption through metric pmstore operations
...
CVE-2017-5974
...
CVE-2019-13045
...
transport: TLS host name wildcard matching too lax
...
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
NTFS Elevation of Privilege Vulnerability
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally...
Microsoft Outlook Remote Code Execution Vulnerability
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally...
Scripting Engine Memory Corruption Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network...
Windows Media Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network...
Windows Kernel Information Disclosure Vulnerability
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network...
Windows Deployment Services Denial of Service Vulnerability
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally...
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network...
UrlMon Security Feature Bypass Vulnerability
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network...
Universal Print Management Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Universal Print Management Service allows an authorized attacker to elevate privileges locally...
Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally...
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Out-of-bounds read in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to disclose information over a network...
Windows Installer Information Disclosure Vulnerability
Improper link resolution before file access 'link following' in Windows Installer allows an authorized attacker to disclose information locally...