Total
7160 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41600 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 3.4 LOW |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | |||||
| CVE-2022-41585 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.8 HIGH |
| The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. | |||||
| CVE-2022-41584 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.8 HIGH |
| The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. | |||||
| CVE-2022-41583 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
| The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module. | |||||
| CVE-2022-41581 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 9.1 CRITICAL |
| The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | |||||
| CVE-2022-41577 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.1 HIGH |
| The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability. | |||||
| CVE-2022-41603 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 3.4 LOW |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | |||||
| CVE-2025-30176 | 2025-05-13 | N/A | 7.5 HIGH | ||
| A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. | |||||
| CVE-2025-30174 | 2025-05-13 | N/A | 7.5 HIGH | ||
| A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. | |||||
| CVE-2024-39720 | 1 Ollama | 1 Ollama | 2025-05-13 | N/A | 8.2 HIGH |
| An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation). | |||||
| CVE-2024-12055 | 1 Ollama | 1 Ollama | 2025-05-13 | N/A | 7.5 HIGH |
| A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file. | |||||
| CVE-2025-4098 | 2025-05-12 | N/A | N/A | ||
| Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape. | |||||
| CVE-2025-4082 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | N/A | 5.9 MEDIUM |
| Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | |||||
| CVE-2025-4087 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | N/A | 6.5 MEDIUM |
| A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10. | |||||
| CVE-2025-46591 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 6.2 MEDIUM |
| Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-45568 | 1 Qualcomm | 26 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 23 more | 2025-05-09 | N/A | 6.7 MEDIUM |
| Memory corruption due to improper bounds check while command handling in camera-kernel driver. | |||||
| CVE-2024-49846 | 1 Qualcomm | 62 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 59 more | 2025-05-09 | N/A | 8.2 HIGH |
| Memory corruption while decoding of OTA messages from T3448 IE. | |||||
| CVE-2024-49847 | 1 Qualcomm | 94 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 91 more | 2025-05-09 | N/A | 7.5 HIGH |
| Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. | |||||
| CVE-2025-21459 | 1 Qualcomm | 248 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 245 more | 2025-05-09 | N/A | 7.5 HIGH |
| Transient DOS while parsing per STA profile in ML IE. | |||||
| CVE-2025-21475 | 1 Qualcomm | 80 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 77 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while processing escape code, when DisplayId is passed with large unsigned value. | |||||