Total: 7198 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-21341 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-21 | N/A | 6.6 MEDIUM |
Windows Digital Media Elevation of Privilege Vulnerability | |||||
CVE-2024-48855 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-01-21 | N/A | 5.3 MEDIUM |
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | |||||
CVE-2023-0621 | 1 Hornerautomation | 1 Cscape Envision Rv | 2025-01-17 | N/A | 7.8 HIGH |
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | |||||
CVE-2023-0049 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-01-17 | N/A | 7.8 HIGH |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. | |||||
CVE-2024-9843 | 2 Apple, Ivanti | 2 Macos, Secure Access Client | 2025-01-17 | N/A | 5.0 MEDIUM |
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. | |||||
CVE-2025-21374 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-17 | N/A | 5.5 MEDIUM |
Windows CSC Service Information Disclosure Vulnerability | |||||
CVE-2024-24564 | 1 Vyperlang | 1 Vyper | 2025-01-16 | N/A | 3.7 LOW |
Vyper is a Pythonic smart contract language for the Ethereum Virtual Machine. When using the built-in `extract32(b, start)`, if the `start` index provided has the side effect of updating `b`, the byte array to extract `32` bytes from, some dirty memory could be read and returned by `extract32`. This vulnerability is fixed in 0.4.0. | |||||
CVE-2024-29996 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-16 | N/A | 7.8 HIGH |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
CVE-2024-29994 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-16 | N/A | 7.8 HIGH |
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | |||||
CVE-2021-47083 | 1 Linux | 1 Linux Kernel | 2025-01-16 | N/A | 7.1 HIGH |
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue. When eint virtual eint number is greater than gpio number, it may produce a 'desc[eint_n]' size global-out-of-bounds issue. | |||||
CVE-2025-0518 | | | 2025-01-16 | N/A | N/A |
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.c . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman | |||||
CVE-2024-56627 | 1 Linux | 1 Linux Kernel | 2025-01-16 | N/A | 7.1 HIGH |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read. An offset from client could be a negative value. It could lead to an out-of-bounds read from the stream_buf. Note that this issue occurs when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. | |||||
CVE-2024-1453 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-01-16 | N/A | 7.8 HIGH |
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code. | |||||
CVE-2024-37966 | 1 Microsoft | 3 Sql Server 2017, Sql Server 2019, Sql Server 2022 | 2025-01-15 | N/A | 7.1 HIGH |
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | |||||
CVE-2024-36931 | 1 Linux | 1 Linux Kernel | 2025-01-15 | N/A | 7.1 HIGH |
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated. Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer; this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead. | |||||
CVE-2024-36935 | 1 Linux | 1 Linux Kernel | 2025-01-15 | N/A | 7.1 HIGH |
In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated. Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer; this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. | |||||
CVE-2022-48479 | 1 Huawei | 1 Harmonyos | 2025-01-15 | N/A | 9.8 CRITICAL |
The facial recognition TA of some products has an out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | |||||
CVE-2024-21477 | 1 Qualcomm | 368 Aqt1000, Aqt1000 Firmware, Ar8035 and 365 more | 2025-01-15 | N/A | 7.5 HIGH |
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | |||||
CVE-2023-43528 | 1 Qualcomm | 182 Ar8035, Ar8035 Firmware, C-v2x 9150 and 179 more | 2025-01-15 | N/A | 6.1 MEDIUM |
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. | |||||
CVE-2023-43527 | 1 Qualcomm | 108 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 105 more | 2025-01-15 | N/A | 6.8 MEDIUM |
Information disclosure while parsing dts header atom in Video. |