Total
8618 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37380 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-02-14 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17169. | ||||
| CVE-2022-37376 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-02-14 | 3.3 Low |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arrays. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16599. | ||||
| CVE-2022-43610 | 1 Corel | 1 Coreldraw | 2025-02-14 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16350. | ||||
| CVE-2022-43612 | 1 Corel | 1 Coreldraw | 2025-02-14 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16355. | ||||
| CVE-2022-43611 | 1 Corel | 1 Coreldraw | 2025-02-14 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16351. | ||||
| CVE-2022-43615 | 1 Corel | 1 Coreldraw | 2025-02-14 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16370. | ||||
| CVE-2022-43616 | 1 Corel | 1 Coreldraw | 2025-02-14 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16371. | ||||
| CVE-2025-23406 | 2025-02-14 | N/A | ||
| Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet to cause the affected product crashed. | ||||
| CVE-2023-20675 | 4 Google, Linux, Mediatek and 1 more | 38 Android, Linux Kernel, Mt5221 and 35 more | 2025-02-13 | 4.4 Medium |
| In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569. | ||||
| CVE-2024-27319 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Onnx | 2025-02-13 | 4.4 Medium |
| Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. | ||||
| CVE-2023-6879 | 2 Aomedia, Fedoraproject | 2 Aomedia, Fedora | 2025-02-13 | 9 Critical |
| Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). | ||||
| CVE-2023-46724 | 2 Redhat, Squid-cache | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-02-13 | 8.6 High |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | ||||
| CVE-2024-6874 | 2 Curl, Haxx | 2 Libcurl, Libcurl | 2025-02-13 | 3.1 Low |
| libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidently getting returned as part of the converted string. | ||||
| CVE-2024-6102 | 1 Google | 1 Chrome | 2025-02-13 | 8.8 High |
| Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-5629 | 3 Debian, Mongodb, Redhat | 4 Debian Linux, Pymongo, Python Driver and 1 more | 2025-02-13 | 4.7 Medium |
| An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. | ||||
| CVE-2024-5497 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-5159 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3839 | 1 Google | 1 Chrome | 2025-02-13 | 6.5 Medium |
| Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-32662 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-02-13 | 7.5 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-32041 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-02-13 | 9.8 Critical |
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. | ||||