Total
7156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44081 | 1 Lodev | 1 Lodepng | 2025-05-06 | N/A | 5.5 MEDIUM |
| Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. | |||||
| CVE-2022-32936 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory. | |||||
| CVE-2018-6340 | 1 Facebook | 1 Hhvm | 2025-05-06 | 6.8 MEDIUM | 8.1 HIGH |
| The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below). | |||||
| CVE-2024-23530 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
| CVE-2024-23529 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
| CVE-2024-23528 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
| CVE-2024-23526 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
| CVE-2018-20618 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2025-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c. | |||||
| CVE-2024-23527 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 7.5 HIGH |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||||
| CVE-2025-2073 | 2025-05-06 | N/A | 8.8 HIGH | ||
| Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure | |||||
| CVE-2022-43359 | 1 Gifdec Project | 1 Gifdec | 2025-05-05 | N/A | 7.8 HIGH |
| Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. | |||||
| CVE-2024-35385 | 1 Cesanta | 1 Mjs | 2025-05-05 | N/A | 4.3 MEDIUM |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file. | |||||
| CVE-2022-21730 | 1 Google | 1 Tensorflow | 2025-05-05 | 5.5 MEDIUM | 8.1 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-21728 | 1 Google | 1 Tensorflow | 2025-05-05 | 5.5 MEDIUM | 8.1 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-21726 | 1 Google | 1 Tensorflow | 2025-05-05 | 6.5 MEDIUM | 8.1 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-21240 | 1 Intel | 6 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6e Ax211 and 3 more | 2025-05-05 | N/A | 4.4 MEDIUM |
| Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21226 | 1 Intel | 1 Trace Analyzer And Collector | 2025-05-05 | 2.1 LOW | 5.5 MEDIUM |
| Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21133 | 1 Intel | 1 Trace Analyzer And Collector | 2025-05-05 | 2.1 LOW | 5.5 MEDIUM |
| Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-42374 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2025-05-05 | 3.3 LOW | 5.3 MEDIUM |
| An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | |||||
| CVE-2021-33120 | 1 Intel | 50 Atom P5921b, Atom P5921b Firmware, Atom P5931b and 47 more | 2025-05-05 | 5.5 MEDIUM | 5.4 MEDIUM |
| Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. | |||||