ReportizFlow
Filtered by vendor
Subscriptions
Total
9151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44338 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-12-16 | 7.8 High |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-44337 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-12-16 | 7.8 High |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-38342 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. Fix by using as OOB check '((index + 1) * sizeof(*ref) > prop->length)'. | ||||
| CVE-2023-47043 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-12-16 | 7.8 High |
| Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-38375 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. | ||||
| CVE-2025-38103 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. | ||||
| CVE-2025-38111 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed to the ioctl and it accepts any mdio address. Currently there is support for 32 addresses in kernel via PHY_MAX_ADDR define, but it is possible to pass higher value than that via ioctl. While read/write operation should generally fail in this case, mdiobus provides stats array, where wrong address may allow out-of-bounds read/write. Fix that by adding address verification before read/write operation. While this excludes this access from any statistics, it improves security of read/write operation. | ||||
| CVE-2025-8410 | 1 Rti | 1 Connext Professional | 2025-12-16 | 7.4 High |
| Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0. | ||||
| CVE-2025-1254 | 1 Rti | 1 Connext Professional | 2025-12-16 | 7.4 High |
| Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42. | ||||
| CVE-2025-36921 | 1 Google | 1 Android | 2025-12-12 | 5.5 Medium |
| In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | ||||
| CVE-2025-59391 | 1 Libcoap | 1 Libcoap | 2025-12-12 | 6.5 Medium |
| A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service. | ||||
| CVE-2025-47914 | 1 Golang | 2 Crypto, Ssh | 2025-12-11 | 5.3 Medium |
| SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. | ||||
| CVE-2025-21074 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-11 | 4.3 Medium |
| Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||
| CVE-2021-4156 | 3 Debian, Libsndfile Project, Redhat | 3 Debian Linux, Libsndfile, Enterprise Linux | 2025-12-11 | 7.1 High |
| An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | ||||
| CVE-2025-58113 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-12-11 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-64893 | 3 Adobe, Apple, Microsoft | 3 Dng Software Development Kit, Macos, Windows | 2025-12-10 | 7.1 High |
| DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-32631 | 1 Asrmicro | 26 Asr1602, Asr1602 Firmware, Asr1603 and 23 more | 2025-12-10 | 7.2 High |
| Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations. | ||||
| CVE-2025-57697 | 1 Astrbot | 1 Astrbot | 2025-12-05 | 6.5 Medium |
| AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage. | ||||
| CVE-2025-58476 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-05 | 4.2 Medium |
| Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory. | ||||
| CVE-2025-58479 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-05 | 4.3 Medium |
| Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||