Total
8553 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5318 | 2 Libssh, Redhat | 11 Libssh, Ai Inference Server, Enterprise Linux and 8 more | 2025-12-10 | 5.4 Medium |
| A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior. | ||||
| CVE-2023-53333 | 1 Linux | 1 Linux Kernel | 2025-12-10 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the packet, depending on the content. dh->dccph_doff, and/or dh->dccph_x ...) So dccp_ack_seq() is happily reading stuff past the _dh buffer. BUG: KASAN: stack-out-of-bounds in nf_conntrack_dccp_packet+0x1134/0x11c0 Read of size 4 at addr ffff000128f66e0c by task syz-executor.2/29371 [..] Fix this by increasing the stack buffer to also include room for the extra sequence numbers and all the known dccp packet type headers, then pull again after the initial validation of the basic header. While at it, mark packets invalid that lack 48bit sequence bit but where RFC says the type MUST use them. Compile tested only. v2: first skb_header_pointer() now needs to adjust the size to only pull the generic header. (Eric) Heads-up: I intend to remove dccp conntrack support later this year. | ||||
| CVE-2022-50366 | 1 Linux | 1 Linux Kernel | 2025-12-10 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit, the parameter of ilog2() will be zero and the return value is -1. u64(-1) is too large for shift exponent and then will trigger shift-out-of-bounds: shift exponent 18446744073709551615 is too large for 32-bit type 'int' Call Trace: rapl_compute_time_window_core rapl_write_data_raw set_time_window store_constraint_time_window_us | ||||
| CVE-2025-64893 | 3 Adobe, Apple, Microsoft | 3 Dng Software Development Kit, Macos, Windows | 2025-12-10 | 7.1 High |
| DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-4460 | 1 Linux | 1 Linux Kernel | 2025-12-10 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand. This behaviour is undefined. Set num_sdma_queues or num_xgmi_sdma_queues to ULLONG_MAX, if the count is >= number of bits in the operand. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1472 | ||||
| CVE-2024-32631 | 1 Asrmicro | 26 Asr1602, Asr1602 Firmware, Asr1603 and 23 more | 2025-12-10 | 7.2 High |
| Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations. | ||||
| CVE-2024-38101 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 6.5 Medium |
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | ||||
| CVE-2024-38073 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2025-12-09 | 7.5 High |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | ||||
| CVE-2024-38057 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-09 | 7.8 High |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38048 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-09 | 6.5 Medium |
| Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | ||||
| CVE-2024-38028 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-09 | 7.2 High |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | ||||
| CVE-2024-38102 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 6.5 Medium |
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | ||||
| CVE-2024-38062 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2025-12-09 | 7.8 High |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38056 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 5.5 Medium |
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | ||||
| CVE-2025-62202 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-12-09 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-60728 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2025-12-09 | 4.3 Medium |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-60726 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-12-09 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-60706 | 1 Microsoft | 23 Hyper-v, Windows, Windows 10 and 20 more | 2025-12-09 | 5.5 Medium |
| Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59513 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1607 and 22 more | 2025-12-09 | 5.5 Medium |
| Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-64656 | 1 Microsoft | 2 Azure App Gateway, Azure Application Gateway | 2025-12-09 | 9.4 Critical |
| Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | ||||