Total
8576 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2838 | 1 Gpac | 1 Gpac | 2025-01-21 | 9.1 Critical |
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | ||||
| CVE-2023-33285 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2025-01-21 | 5.3 Medium |
| An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. | ||||
| CVE-2023-23301 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 9.8 Critical |
| The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory. | ||||
| CVE-2023-0621 | 1 Hornerautomation | 1 Cscape Envision Rv | 2025-01-17 | 7.8 High |
| Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | ||||
| CVE-2024-9843 | 2 Apple, Ivanti | 2 Macos, Secure Access Client | 2025-01-17 | 5 Medium |
| A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. | ||||
| CVE-2022-24805 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 16 Debian Linux, Fedora, Net-snmp and 13 more | 2025-01-17 | 6.5 Medium |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | ||||
| CVE-2023-22295 | 1 Datakit | 1 Crosscadware | 2025-01-16 | 3.3 Low |
| Datakit CrossCadWare_x64.dll contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. | ||||
| CVE-2023-22321 | 1 Datakit | 1 Crosscadware | 2025-01-16 | 3.3 Low |
| Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. | ||||
| CVE-2023-22354 | 1 Datakit | 1 Crosscadware | 2025-01-16 | 3.3 Low |
| Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. | ||||
| CVE-2023-22846 | 1 Datakit | 1 Crosscadware | 2025-01-16 | 3.3 Low |
| Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. | ||||
| CVE-2023-5059 | 1 Santesoft | 1 Fft Imaging | 2025-01-16 | 7.8 High |
| Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2024-24564 | 1 Vyperlang | 1 Vyper | 2025-01-16 | 3.7 Low |
| Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability is fixed in 0.4.0. | ||||
| CVE-2024-1453 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-01-16 | 7.8 High |
| In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code. | ||||
| CVE-2024-37966 | 1 Microsoft | 3 Sql Server 2017, Sql Server 2019, Sql Server 2022 | 2025-01-15 | 7.1 High |
| Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | ||||
| CVE-2022-48479 | 1 Huawei | 1 Harmonyos | 2025-01-15 | 9.8 Critical |
| The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | ||||
| CVE-2024-21477 | 1 Qualcomm | 368 Aqt1000, Aqt1000 Firmware, Ar8035 and 365 more | 2025-01-15 | 7.5 High |
| Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | ||||
| CVE-2019-14907 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-01-14 | 6.5 Medium |
| All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). | ||||
| CVE-2021-27647 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 9.8 Critical |
| Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | ||||
| CVE-2024-45548 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-01-13 | 7.8 High |
| Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. | ||||
| CVE-2024-45546 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-01-13 | 7.8 High |
| Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. | ||||