Total
7221 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-49175 | 2025-06-23 | N/A | 5.5 MEDIUM | ||
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. | |||||
CVE-2025-5419 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2025-06-23 | N/A | 8.8 HIGH |
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2021-42144 | 1 Contiki-ng | 1 Contiki-ng Tinydtls | 2025-06-20 | N/A | 9.8 CRITICAL |
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). | |||||
CVE-2024-22957 | 1 Swftools | 1 Swftools | 2025-06-20 | N/A | 5.5 MEDIUM |
swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. | |||||
CVE-2023-48347 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 5.5 MEDIUM |
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
CVE-2023-48344 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 5.5 MEDIUM |
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
CVE-2023-48341 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 5.5 MEDIUM |
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
CVE-2023-47993 | 1 Freeimage Project | 1 Freeimage | 2025-06-20 | N/A | 6.5 MEDIUM |
A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service. | |||||
CVE-2023-42862 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-20 | N/A | 6.5 MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory. | |||||
CVE-2023-36629 | 1 St | 1 St54-android-packages-apps-nfc | 2025-06-20 | N/A | 5.5 MEDIUM |
The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. | |||||
CVE-2025-2784 | 2 Gnome, Redhat | 21 Libsoup, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 18 more | 2025-06-20 | N/A | 7.0 HIGH |
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. | |||||
CVE-2024-23086 | 1 Mikkotommila | 1 Apfloat | 2025-06-18 | N/A | 9.8 CRITICAL |
Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | |||||
CVE-2025-29871 | 1 Qnap | 1 File Station | 2025-06-18 | N/A | 5.5 MEDIUM |
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | |||||
CVE-2025-32412 | 2025-06-18 | N/A | 7.8 HIGH | ||
Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | |||||
CVE-2025-49796 | 2025-06-17 | N/A | 9.1 CRITICAL | ||
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. | |||||
CVE-2025-49849 | 2025-06-17 | N/A | N/A | ||
An Out-of-bounds Read vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures. | |||||
CVE-2024-29783 | 1 Google | 1 Android | 2025-06-17 | N/A | 6.7 MEDIUM |
In tmu_get_tr_thresholds, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-29782 | 1 Google | 1 Android | 2025-06-17 | N/A | 5.5 MEDIUM |
In tmu_get_tr_num_thresholds of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-29755 | 1 Google | 1 Android | 2025-06-17 | N/A | 4.4 MEDIUM |
In tmu_get_pi of tmu.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-29754 | 1 Google | 1 Android | 2025-06-17 | N/A | 6.2 MEDIUM |
In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |