ReportizFlow
Filtered by vendor
Subscriptions
Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21972 | 2026-04-15 | 5.3 Medium | ||
| An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. | ||||
| CVE-2023-22351 | 1 Ieisystem | 1 Uefi Firmware | 2026-04-15 | 6.1 Medium |
| Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-51454 | 2026-04-15 | 6.8 Medium | ||
| A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | ||||
| CVE-2025-59729 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 6.8 Medium |
| When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000) for example 0x101000 bytes, then at [0] we have size = 0x101000. At [1] we have end_buffer_size = 0x100000, and at [2] we have end_buffer_pos = 0x1000. The loop then scans backwards through the buffer looking for the dhav tag; when it is found, we'll calculate end_pos based on a 32-bit offset read from the buffer. There is subsequently a check [3] that end_pos is within the section of the file that has been copied into end_buffer, but it only correctly handles the cases where end_pos is before the start of the file or after the section copied into end_buffer, and not the case where end_pos is within the the file, but before the section copied into end_buffer. If we provide such an offset, (end_pos - end_buffer_pos) can underflow, resulting in the subsequent access at [4] occurring before the beginning of the allocation. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-59732 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 6.5 Medium |
| When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-59733 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 6.5 Medium |
| When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decode_header. The buffer td->uncompressed_data is allocated in decode_block based on the xsize, ysize and computed current_channel_offset. The function dwa_uncompress then assumes at [5] that if there are 4 channels, these are "B", "G", "R" and "A", and in the calculations at [6] and [7] that all channels are of the same type, which matches the type of the main color channels. If we set the main color channels to a 4-byte type and add duplicate or unknown channels of the 2-byte EXR_HALF type, then the addition at [7] will increment the pointer by 4-bytes * xsize * nb_channels, which will exceed the allocated buffer. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2024-7137 | 2026-04-15 | 6.5 Medium | ||
| The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device. | ||||
| CVE-2024-11345 | 2026-04-15 | 7.3 High | ||
| A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | ||||
| CVE-2024-0150 | 2026-04-15 | 7.1 High | ||
| NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering. | ||||
| CVE-2025-41649 | 2026-04-15 | 7.5 High | ||
| An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices. | ||||
| CVE-2025-53524 | 1 Fujielectric | 1 Monitouch V-sft | 2026-04-15 | 7.8 High |
| Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2025-25050 | 2026-04-15 | 8.8 High | ||
| An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability. | ||||
| CVE-2025-65001 | 1 Fujitsu | 1 Fbiosdrv | 2026-04-15 | 8.2 High |
| Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability. | ||||
| CVE-2025-59728 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 6.5 Medium |
| When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-59730 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 6.5 Medium |
| When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow. process_frame_obj initializes the buffers based on the frame resolution: We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-64129 | 1 Zenitel | 1 Tciv-3+ | 2026-04-15 | 7.6 High |
| Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. | ||||
| CVE-2024-33008 | 2026-04-15 | 4.9 Medium | ||
| SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system. | ||||
| CVE-2025-4640 | 2026-04-15 | N/A | ||
| Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib. | ||||
| CVE-2025-42971 | 2026-04-15 | 4 Medium | ||
| A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application. | ||||
| CVE-2025-4421 | 1 Insyde | 1 Insydeh2o | 2026-04-15 | 8.2 High |
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | ||||