| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. |
| A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges. |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Internet Explorer Remote Code Execution Vulnerability |
| A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. |
| Windows Kerberos Denial of Service Vulnerability |
| Microsoft Office OneNote Remote Code Execution Vulnerability |
| Windows CSC Service Elevation of Privilege Vulnerability |
