Total
7195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21374 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-17 | N/A | 5.5 MEDIUM |
| Windows CSC Service Information Disclosure Vulnerability | |||||
| CVE-2024-29996 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-16 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-29994 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-16 | N/A | 7.8 HIGH |
| Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | |||||
| CVE-2021-47083 | 1 Linux | 1 Linux Kernel | 2025-01-16 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number, it maybe produce 'desc[eint_n]' size globle-out-of-bounds issue. | |||||
| CVE-2025-0518 | 2025-01-16 | N/A | N/A | ||
| Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman | |||||
| CVE-2024-56627 | 1 Linux | 1 Linux Kernel | 2025-01-16 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. | |||||
| CVE-2024-1453 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-01-16 | N/A | 7.8 HIGH |
| In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code. | |||||
| CVE-2024-37966 | 1 Microsoft | 3 Sql Server 2017, Sql Server 2019, Sql Server 2022 | 2025-01-15 | N/A | 7.1 HIGH |
| Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | |||||
| CVE-2024-36931 | 1 Linux | 1 Linux Kernel | 2025-01-15 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead. | |||||
| CVE-2024-36935 | 1 Linux | 1 Linux Kernel | 2025-01-15 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. | |||||
| CVE-2022-48479 | 1 Huawei | 1 Harmonyos | 2025-01-15 | N/A | 9.8 CRITICAL |
| The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | |||||
| CVE-2024-21477 | 1 Qualcomm | 368 Aqt1000, Aqt1000 Firmware, Ar8035 and 365 more | 2025-01-15 | N/A | 7.5 HIGH |
| Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | |||||
| CVE-2023-43528 | 1 Qualcomm | 182 Ar8035, Ar8035 Firmware, C-v2x 9150 and 179 more | 2025-01-15 | N/A | 6.1 MEDIUM |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. | |||||
| CVE-2023-43527 | 1 Qualcomm | 108 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 105 more | 2025-01-15 | N/A | 6.8 MEDIUM |
| Information disclosure while parsing dts header atom in Video. | |||||
| CVE-2024-28938 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | N/A | 8.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2019-14907 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-01-14 | 2.6 LOW | 6.5 MEDIUM |
| All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). | |||||
| CVE-2022-3576 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-01-14 | N/A | 5.3 MEDIUM |
| A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | |||||
| CVE-2021-27647 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | |||||
| CVE-2024-13169 | 2025-01-14 | N/A | 7.8 HIGH | ||
| An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2024-49111 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-14 | N/A | 6.6 MEDIUM |
| Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | |||||