ReportizFlow
Filtered by vendor
Subscriptions
Total
7807 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53150 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. | ||||
| CVE-2025-32460 | 2025-04-09 | 4 Medium | ||
| GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. | ||||
| CVE-2007-3847 | 4 Apache, Canonical, Fedoraproject and 1 more | 7 Http Server, Ubuntu Linux, Fedora and 4 more | 2025-04-09 | N/A |
| The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. | ||||
| CVE-2006-5393 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 5.5 Medium |
| Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. | ||||
| CVE-2009-2523 | 1 Microsoft | 1 Windows 2000 | 2025-04-09 | N/A |
| The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability." | ||||
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.5 Medium |
| wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | ||||
| CVE-2007-5269 | 2 Libpng, Redhat | 2 Libpng, Enterprise Linux | 2025-04-09 | N/A |
| Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. | ||||
| CVE-2022-47630 | 1 Arm | 1 Trusted Firmware-a | 2025-04-09 | 7.4 High |
| Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state. | ||||
| CVE-2025-26669 | 2025-04-08 | 8.8 High | ||
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-27742 | 2025-04-08 | 5.5 Medium | ||
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-26642 | 2025-04-08 | 7.8 High | ||
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27741 | 2025-04-08 | 7.8 High | ||
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-27184 | 2025-04-08 | 5.5 Medium | ||
| After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-26675 | 2025-04-08 | 7.8 High | ||
| Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27483 | 2025-04-08 | 7.8 High | ||
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-27733 | 2025-04-08 | 7.8 High | ||
| Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-27204 | 2025-04-08 | 5.5 Medium | ||
| After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27187 | 2025-04-08 | 5.5 Medium | ||
| After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30309 | 2025-04-08 | 5.5 Medium | ||
| XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30308 | 2025-04-08 | 5.5 Medium | ||
| XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||