Total: 187 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-24068 | | | 2025-06-12 | N/A | 5.5 MEDIUM |
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | |||||
CVE-2025-47295 | 1 Fortinet | 1 Fortios | 2025-06-04 | N/A | 3.7 LOW |
A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control. | |||||
CVE-2025-27029 | | | 2025-06-04 | N/A | 7.5 HIGH |
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range. | |||||
CVE-2024-53026 | | | 2025-06-04 | N/A | 8.2 HIGH |
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call. | |||||
CVE-2024-53019 | | | 2025-06-04 | N/A | 8.2 HIGH |
Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources. | |||||
CVE-2024-53020 | | | 2025-06-04 | N/A | 8.2 HIGH |
Information disclosure may occur while decoding the RTP packet with invalid header extension from network. | |||||
CVE-2025-21463 | | | 2025-06-04 | N/A | 7.5 HIGH |
Transient DOS while processing the EHT operation IE in the received beacon frame. | |||||
CVE-2024-53021 | | | 2025-06-04 | N/A | 8.2 HIGH |
Information disclosure may occur while processing goodbye RTCP packet from network. | |||||
CVE-2023-45919 | 1 Mesa3d | 1 Mesa | 2025-05-29 | N/A | 5.3 MEDIUM |
Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server. | |||||
CVE-2025-32053 | | | 2025-05-29 | N/A | 6.5 MEDIUM |
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. | |||||
CVE-2025-32052 | | | 2025-05-29 | N/A | 6.5 MEDIUM |
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. | |||||
CVE-2023-51773 | 1 Bacnetstack | 1 Bacnet Stack | 2025-05-23 | N/A | 9.1 CRITICAL |
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c. | |||||
CVE-2024-52879 | | | 2025-05-19 | N/A | 7.5 HIGH |
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read. | |||||
CVE-2024-52878 | | | 2025-05-19 | N/A | 7.5 HIGH |
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT->SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read. | |||||
CVE-2024-52877 | | | 2025-05-19 | N/A | 7.5 HIGH |
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read. | |||||
CVE-2025-32704 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-05-19 | N/A | 8.4 HIGH |
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-29956 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 5.4 MEDIUM |
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. | |||||
CVE-2025-4207 | | | 2025-05-12 | N/A | 5.9 MEDIUM |
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. | |||||
CVE-2024-45568 | 1 Qualcomm | 26 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 23 more | 2025-05-09 | N/A | 6.7 MEDIUM |
Memory corruption due to improper bounds check while command handling in camera-kernel driver. | |||||
CVE-2024-49846 | 1 Qualcomm | 62 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 59 more | 2025-05-09 | N/A | 8.2 HIGH |
Memory corruption while decoding of OTA messages from T3448 IE. |