Total
7103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25008 | 1 Autodesk | 1 3ds Max Usd | 2025-01-24 | N/A | 7.8 HIGH |
| A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution. | |||||
| CVE-2023-20706 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2025-01-24 | N/A | 5.5 MEDIUM |
| In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767860; Issue ID: ALPS07767860. | |||||
| CVE-2023-20711 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6731 and 52 more | 2025-01-24 | N/A | 4.4 MEDIUM |
| In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581668; Issue ID: ALPS07581668. | |||||
| CVE-2023-21112 | 1 Google | 1 Android | 2025-01-24 | N/A | 5.5 MEDIUM |
| In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252763983 | |||||
| CVE-2023-20703 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2025-01-24 | N/A | 5.5 MEDIUM |
| In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767853; Issue ID: ALPS07767853. | |||||
| CVE-2023-20719 | 2 Google, Mediatek | 27 Android, Mt6580, Mt6739 and 24 more | 2025-01-24 | N/A | 4.4 MEDIUM |
| In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583. | |||||
| CVE-2024-26000 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-24 | N/A | 5.9 MEDIUM |
| An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | |||||
| CVE-2023-20698 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6731 and 51 more | 2025-01-23 | N/A | 4.4 MEDIUM |
| In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144. | |||||
| CVE-2023-20697 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6731 and 51 more | 2025-01-23 | N/A | 4.4 MEDIUM |
| In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148. | |||||
| CVE-2024-26003 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | N/A | 7.5 HIGH |
| An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. | |||||
| CVE-2024-7347 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2025-01-22 | N/A | 4.7 MEDIUM |
| NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-21327 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 6.6 MEDIUM |
| Windows Digital Media Elevation of Privilege Vulnerability | |||||
| CVE-2025-21324 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 6.6 MEDIUM |
| Windows Digital Media Elevation of Privilege Vulnerability | |||||
| CVE-2025-21341 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-21 | N/A | 6.6 MEDIUM |
| Windows Digital Media Elevation of Privilege Vulnerability | |||||
| CVE-2024-48855 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-01-21 | N/A | 5.3 MEDIUM |
| Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | |||||
| CVE-2023-0621 | 1 Hornerautomation | 1 Cscape Envision Rv | 2025-01-17 | N/A | 7.8 HIGH |
| Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | |||||
| CVE-2023-0049 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-01-17 | N/A | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. | |||||
| CVE-2024-9843 | 2 Apple, Ivanti | 2 Macos, Secure Access Client | 2025-01-17 | N/A | 5.0 MEDIUM |
| A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. | |||||
| CVE-2025-21374 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-17 | N/A | 5.5 MEDIUM |
| Windows CSC Service Information Disclosure Vulnerability | |||||
| CVE-2024-29996 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-16 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||