Total
7825 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2073 | 2025-04-17 | 9.1 Critical | ||
| Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Versions 6.1, 5.15, 5.10, 5.4, 4.19. on All devices where Termina is used allows an attacker with CAP_NET_ADMIN privileges to cause memory corruption and potentially escalate privileges via crafted ipset commands. | ||||
| CVE-2025-3015 | 1 Assimp | 1 Assimp | 2025-04-17 | 6.3 Medium |
| A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-11614 | 1 Redhat | 6 Enterprise Linux, Openshift, Rhel Aus and 3 more | 2025-04-17 | N/A |
| An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. | ||||
| CVE-2024-26982 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Rhel Aus and 3 more | 2025-04-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an inode number with the invalid value of zero, which was not checked. The reason this causes the out of bounds access is due to following sequence of events: 1. Fill_meta_index() is called to allocate (via empty_meta_index()) and fill a metadata index. It however suffers a data read error and aborts, invalidating the newly returned empty metadata index. It does this by setting the inode number of the index to zero, which means unused (zero is not a valid inode number). 2. When fill_meta_index() is subsequently called again on another read operation, locate_meta_index() returns the previous index because it matches the inode number of 0. Because this index has been returned it is expected to have been filled, and because it hasn't been, an out of bounds access is performed. This patch adds a sanity check which checks that the inode number is not zero when the inode is created and returns -EINVAL if it is. [phillip@squashfs.org.uk: whitespace fix] | ||||
| CVE-2022-46320 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | 9.8 Critical |
| The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. | ||||
| CVE-2022-46317 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | 7.5 High |
| The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. | ||||
| CVE-2024-25392 | 1 Rt-thread | 1 Rt-thread | 2025-04-16 | 5.9 Medium |
| An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. | ||||
| CVE-2024-34246 | 1 Wasm3 Project | 1 Wasm3 | 2025-04-16 | 7.5 High |
| wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c. | ||||
| CVE-2022-21209 | 1 Fatek | 1 Fvdesigner | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. | ||||
| CVE-2022-24383 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to an out-of-bounds read, which may result in code execution | ||||
| CVE-2022-1402 | 1 Deltaww | 1 Asda Soft | 2025-04-16 | 7.8 High |
| ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | ||||
| CVE-2022-29488 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2022-1738 | 1 Fujielectric | 1 D300win | 2025-04-16 | 8.7 High |
| Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory. | ||||
| CVE-2021-44768 | 1 Deltaww | 1 Cncsoft Screeneditor | 2025-04-16 | 6.1 Medium |
| Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. | ||||
| CVE-2022-21202 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2025-04-16 | 3.3 Low |
| The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. | ||||
| CVE-2021-27482 | 1 Opener Project | 1 Opener | 2025-04-16 | 7.5 High |
| A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data. | ||||
| CVE-2021-42700 | 1 Inkscape | 1 Inkscape | 2025-04-16 | 3.3 Low |
| Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information. | ||||
| CVE-2022-22742 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 6.5 Medium |
| When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | ||||
| CVE-2022-1069 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2025-04-16 | 7.5 High |
| A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | ||||
| CVE-2022-1404 | 1 Deltaww | 1 Cncsoft | 2025-04-16 | 3.3 Low |
| Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | ||||