Security Vulnerabilities - CVEs Published In May 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-05-06
A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
5.3
EPSS Score
0.013
Published
2025-05-06
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-06
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-06
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-06
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-06
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-05-06
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-05-06
Transient DOS while parsing per STA profile in ML IE.
CVSS Score
7.5
EPSS Score
0.005
Published
2025-05-06
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-06