Total
7759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5166 | 1 Assimp | 1 Assimp | 2025-06-03 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | |||||
| CVE-2025-5165 | 1 Assimp | 1 Assimp | 2025-06-03 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | |||||
| CVE-2023-43843 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-06-03 | N/A | 7.3 HIGH |
| Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request. | |||||
| CVE-2023-32876 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-03 | N/A | 4.4 MEDIUM |
| In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612. | |||||
| CVE-2024-27343 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 5.5 MEDIUM |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22929. | |||||
| CVE-2024-27345 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 3.3 LOW |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22932. | |||||
| CVE-2024-27346 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 5.5 MEDIUM |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22934. | |||||
| CVE-2024-31584 | 1 Linuxfoundation | 1 Pytorch | 2025-06-03 | N/A | 5.5 MEDIUM |
| Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. | |||||
| CVE-2024-27335 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22018. | |||||
| CVE-2024-27336 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 5.5 MEDIUM |
| Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22022. | |||||
| CVE-2024-27338 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the app.response method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22588. | |||||
| CVE-2023-48345 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-02 | N/A | 5.5 MEDIUM |
| In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2019-15903 | 2 Libexpat Project, Python | 2 Libexpat, Python | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
| In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | |||||
| CVE-2024-39277 | 1 Linux | 1 Linux Kernel | 2025-05-30 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask [64][1]' CPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:117) ubsan_epilogue (lib/ubsan.c:232) __ubsan_handle_out_of_bounds (lib/ubsan.c:429) cpumask_of_node (arch/x86/include/asm/topology.h:72) [inline] do_map_benchmark (kernel/dma/map_benchmark.c:104) map_benchmark_ioctl (kernel/dma/map_benchmark.c:246) full_proxy_unlocked_ioctl (fs/debugfs/file.c:333) __x64_sys_ioctl (fs/ioctl.c:890) do_syscall_64 (arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Use cpumask_of_node() in place when binding a kernel thread to a cpuset of a particular node. Note that the provided node id is checked inside map_benchmark_ioctl(). It's just a NUMA_NO_NODE case which is not handled properly later. Found by Linux Verification Center (linuxtesting.org). | |||||
| CVE-2022-26770 | 1 Apple | 2 Mac Os X, Macos | 2025-05-30 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-42147 | 1 Contiki-ng | 1 Tinydtls | 2025-05-30 | N/A | 9.1 CRITICAL |
| Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. | |||||
| CVE-2022-37347 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2025-05-29 | N/A | 5.5 MEDIUM |
| Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234. | |||||
| CVE-2023-42726 | 2 Google, Unisoc | 12 Android, S8000, Sc9863a and 9 more | 2025-05-29 | N/A | 4.4 MEDIUM |
| In TeleService, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-32863 | 2 Google, Mediatek | 24 Android, Mt6761, Mt6765 and 21 more | 2025-05-29 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ID: ALPS07326314. | |||||
| CVE-2022-35087 | 1 Swftools | 1 Swftools | 2025-05-28 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c. | |||||