Total
8546 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1571 | 3 Christos Zoulas, Redhat, Tim Robbins | 3 File, Enterprise Linux, Libmagic | 2025-12-04 | 6.5 Medium |
| file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. | ||||
| CVE-2024-27094 | 1 Openzeppelin | 3 Contracts, Contracts Upgradeable, Openzeppelin Contracts | 2025-12-04 | 6.5 Medium |
| OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6. | ||||
| CVE-2023-53238 | 1 Linux | 1 Linux Kernel | 2025-12-04 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM. In the for loop, 'i' is used as the index for array 'priv->ports[]' with a check (i > INNO_PHY_PORT_NUM) which indicates that INNO_PHY_PORT_NUM is allowed value for 'i' in the same loop. This > comparison needs to be changed to >=, otherwise it potentially leads to an out of bounds write on the next iteration through the loop | ||||
| CVE-2025-66409 | 1 Espressif | 1 Esp-idf | 2025-12-04 | N/A |
| ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior. | ||||
| CVE-2025-40246 | 1 Linux | 1 Linux Kernel | 2025-12-04 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: xfs: fix out of bounds memory read error in symlink repair xfs/286 produced this report on my test fleet: ================================================================== BUG: KFENCE: out-of-bounds read in memcpy_orig+0x54/0x110 Out-of-bounds read at 0xffff88843fe9e038 (184B right of kfence-#184): memcpy_orig+0x54/0x110 xrep_symlink_salvage_inline+0xb3/0xf0 [xfs] xrep_symlink_salvage+0x100/0x110 [xfs] xrep_symlink+0x2e/0x80 [xfs] xrep_attempt+0x61/0x1f0 [xfs] xfs_scrub_metadata+0x34f/0x5c0 [xfs] xfs_ioc_scrubv_metadata+0x387/0x560 [xfs] xfs_file_ioctl+0xe23/0x10e0 [xfs] __x64_sys_ioctl+0x76/0xc0 do_syscall_64+0x4e/0x1e0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 kfence-#184: 0xffff88843fe9df80-0xffff88843fe9dfea, size=107, cache=kmalloc-128 allocated by task 3470 on cpu 1 at 263329.131592s (192823.508886s ago): xfs_init_local_fork+0x79/0xe0 [xfs] xfs_iformat_local+0xa4/0x170 [xfs] xfs_iformat_data_fork+0x148/0x180 [xfs] xfs_inode_from_disk+0x2cd/0x480 [xfs] xfs_iget+0x450/0xd60 [xfs] xfs_bulkstat_one_int+0x6b/0x510 [xfs] xfs_bulkstat_iwalk+0x1e/0x30 [xfs] xfs_iwalk_ag_recs+0xdf/0x150 [xfs] xfs_iwalk_run_callbacks+0xb9/0x190 [xfs] xfs_iwalk_ag+0x1dc/0x2f0 [xfs] xfs_iwalk_args.constprop.0+0x6a/0x120 [xfs] xfs_iwalk+0xa4/0xd0 [xfs] xfs_bulkstat+0xfa/0x170 [xfs] xfs_ioc_fsbulkstat.isra.0+0x13a/0x230 [xfs] xfs_file_ioctl+0xbf2/0x10e0 [xfs] __x64_sys_ioctl+0x76/0xc0 do_syscall_64+0x4e/0x1e0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 CPU: 1 UID: 0 PID: 1300113 Comm: xfs_scrub Not tainted 6.18.0-rc4-djwx #rc4 PREEMPT(lazy) 3d744dd94e92690f00a04398d2bd8631dcef1954 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-4.module+el8.8.0+21164+ed375313 04/01/2014 ================================================================== On further analysis, I realized that the second parameter to min() is not correct. xfs_ifork::if_bytes is the size of the xfs_ifork::if_data buffer. if_bytes can be smaller than the data fork size because: (a) the forkoff code tries to keep the data area as large as possible (b) for symbolic links, if_bytes is the ondisk file size + 1 (c) forkoff is always a multiple of 8. Case in point: for a single-byte symlink target, forkoff will be 8 but the buffer will only be 2 bytes long. In other words, the logic here is wrong and we walk off the end of the incore buffer. Fix that. | ||||
| CVE-2025-20768 | 2 Google, Mediatek | 26 Android, Mt6739, Mt6761 and 23 more | 2025-12-04 | 7.8 High |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805. | ||||
| CVE-2017-13035 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). | ||||
| CVE-2017-13034 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | ||||
| CVE-2017-13031 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). | ||||
| CVE-2017-13028 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). | ||||
| CVE-2017-13025 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | ||||
| CVE-2017-13024 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | ||||
| CVE-2017-13022 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). | ||||
| CVE-2017-13021 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). | ||||
| CVE-2017-13020 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | ||||
| CVE-2017-13019 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | ||||
| CVE-2017-13017 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). | ||||
| CVE-2017-13016 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). | ||||
| CVE-2017-13015 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). | ||||
| CVE-2017-13014 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. | ||||