Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55092 | 2025-10-21 | N/A | N/A | ||
| In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option. | |||||
| CVE-2025-55093 | 2025-10-21 | N/A | N/A | ||
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory. | |||||
| CVE-2025-55091 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 6.5 MEDIUM |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data. | |||||
| CVE-2025-55090 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 6.5 MEDIUM |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet. | |||||
| CVE-2025-55084 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 5.3 MEDIUM |
| In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field. | |||||
| CVE-2025-55083 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-21 | N/A | 5.3 MEDIUM |
| In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read. | |||||
| CVE-2025-59933 | 1 Libvips | 1 Libvips | 2025-10-18 | N/A | 7.8 HIGH |
| libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler. | |||||
| CVE-2025-59192 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-17 | N/A | 7.8 HIGH |
| Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55081 | 2025-10-16 | N/A | N/A | ||
| In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside of the expected range, it could cause an out-of-bound read. | |||||
| CVE-2025-11616 | 2025-10-14 | N/A | 5.4 MEDIUM | ||
| A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes. | |||||
| CVE-2025-11617 | 2025-10-14 | N/A | 5.4 MEDIUM | ||
| A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving a IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using IPv6. We recommend users upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes. | |||||
| CVE-2025-55325 | 2025-10-14 | N/A | 5.5 MEDIUM | ||
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-27041 | 2025-10-09 | N/A | 5.5 MEDIUM | ||
| Transient DOS while processing video packets received from video firmware. | |||||
| CVE-2025-27049 | 2025-10-09 | N/A | 5.5 MEDIUM | ||
| Transient DOS while processing IOCTL call for image encoding. | |||||
| CVE-2025-27045 | 2025-10-09 | N/A | 6.1 MEDIUM | ||
| Information disclosure while processing batch command execution in Video driver. | |||||
| CVE-2024-42333 | 1 Zabbix | 1 Zabbix | 2025-10-08 | N/A | 2.7 LOW |
| The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c | |||||
| CVE-2024-45552 | 1 Qualcomm | 292 Apq8064au, Apq8064au Firmware, Fastconnect 6200 and 289 more | 2025-10-06 | N/A | 8.2 HIGH |
| Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards. | |||||
| CVE-2025-21448 | 1 Qualcomm | 538 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 535 more | 2025-10-06 | N/A | 7.5 HIGH |
| Transient DOS may occur while parsing SSID in action frames. | |||||
| CVE-2025-21435 | 1 Qualcomm | 298 Ar8035, Ar8035 Firmware, Csr8811 and 295 more | 2025-10-06 | N/A | 7.5 HIGH |
| Transient DOS may occur while parsing extended IE in beacon. | |||||
| CVE-2025-21434 | 1 Qualcomm | 244 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 241 more | 2025-10-06 | N/A | 7.5 HIGH |
| Transient DOS may occur while parsing EHT operation IE or EHT capability IE. | |||||