Total
7417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47308 | 1 Linux | 1 Linux Kernel | 2025-04-02 | N/A | 6.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp(). | |||||
| CVE-2025-27788 | 1 Ruby-lang | 1 Javascript Object Notation | 2025-04-02 | N/A | 7.5 HIGH |
| JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available. | |||||
| CVE-2025-1914 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 8.8 HIGH |
| Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-1918 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 8.8 HIGH |
| Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium) | |||||
| CVE-2025-1919 | 1 Google | 1 Chrome | 2025-04-01 | N/A | 8.8 HIGH |
| Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-36960 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-01 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads. | |||||
| CVE-2024-36016 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 7.7 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size. | |||||
| CVE-2021-47586 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member is empty, so the memory after the ops structure is being read here. It seems that mostly this happens to contain zero anyway, so we get lucky and everything still works. To avoid adding redundant data to nearly all the ops structures, add a new flag to indicate whether the regs field is valid and avoid this loop when it is not. | |||||
| CVE-2024-29943 | 1 Mozilla | 1 Firefox | 2025-04-01 | N/A | 9.8 CRITICAL |
| An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. | |||||
| CVE-2024-3859 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-04-01 | N/A | 5.9 MEDIUM |
| On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||||
| CVE-2024-3854 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-01 | N/A | 8.8 HIGH |
| In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||||
| CVE-2024-26334 | 1 Swftools | 1 Swftools | 2025-04-01 | N/A | 6.2 MEDIUM |
| swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c. | |||||
| CVE-2024-24452 | 2025-03-31 | N/A | 5.9 MEDIUM | ||
| An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | |||||
| CVE-2024-3855 | 1 Mozilla | 1 Firefox | 2025-03-31 | N/A | 6.5 MEDIUM |
| In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125. | |||||
| CVE-2024-28319 | 2025-03-29 | N/A | 6.2 MEDIUM | ||
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374 | |||||
| CVE-2024-43565 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-28 | N/A | 7.5 HIGH |
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | |||||
| CVE-2025-1932 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-28 | N/A | 8.1 HIGH |
| An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2024-28571 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format. | |||||
| CVE-2024-28578 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 8.4 HIGH |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format. | |||||
| CVE-2024-28579 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 6.2 MEDIUM |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format. | |||||