Total
7384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41577 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.1 HIGH |
| The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability. | |||||
| CVE-2022-41603 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 3.4 LOW |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | |||||
| CVE-2024-39720 | 1 Ollama | 1 Ollama | 2025-05-13 | N/A | 8.2 HIGH |
| An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation). | |||||
| CVE-2024-12055 | 1 Ollama | 1 Ollama | 2025-05-13 | N/A | 7.5 HIGH |
| A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file. | |||||
| CVE-2025-4098 | 2025-05-12 | N/A | N/A | ||
| Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape. | |||||
| CVE-2025-4082 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | N/A | 5.9 MEDIUM |
| Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | |||||
| CVE-2025-4087 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | N/A | 6.5 MEDIUM |
| A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10. | |||||
| CVE-2025-46591 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 6.2 MEDIUM |
| Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-45568 | 1 Qualcomm | 26 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 23 more | 2025-05-09 | N/A | 6.7 MEDIUM |
| Memory corruption due to improper bounds check while command handling in camera-kernel driver. | |||||
| CVE-2024-49846 | 1 Qualcomm | 62 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 59 more | 2025-05-09 | N/A | 8.2 HIGH |
| Memory corruption while decoding of OTA messages from T3448 IE. | |||||
| CVE-2024-49847 | 1 Qualcomm | 94 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 91 more | 2025-05-09 | N/A | 7.5 HIGH |
| Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. | |||||
| CVE-2022-25736 | 1 Qualcomm | 486 Aqt1000, Aqt1000 Firmware, Ar8031 and 483 more | 2025-05-09 | N/A | 7.5 HIGH |
| Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-25719 | 1 Qualcomm | 236 Apq8009, Apq8009 Firmware, Apq8009w and 233 more | 2025-05-09 | N/A | 8.2 HIGH |
| Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-43043 | 1 Gpac | 1 Gpac | 2025-05-09 | N/A | 5.5 MEDIUM |
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. | |||||
| CVE-2022-43282 | 1 Webassembly | 1 Wabt | 2025-05-08 | N/A | 7.1 HIGH |
| wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. | |||||
| CVE-2025-43963 | 1 Libraw | 1 Libraw | 2025-05-08 | N/A | 2.9 LOW |
| In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. | |||||
| CVE-2025-43962 | 1 Libraw | 1 Libraw | 2025-05-08 | N/A | 2.9 LOW |
| In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. | |||||
| CVE-2025-43961 | 1 Libraw | 1 Libraw | 2025-05-08 | N/A | 2.9 LOW |
| In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. | |||||
| CVE-2024-21099 | 1 Oracle | 1 Business Intelligence | 2025-05-08 | N/A | 4.3 MEDIUM |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-3599 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2025-05-07 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | |||||