Total
7955 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-42067 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 5.5 Medium |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20984. | ||||
CVE-2023-42068 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 5.5 Medium |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. . Was ZDI-CAN-20985. | ||||
CVE-2023-42070 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 5.5 Medium |
PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21179. | ||||
CVE-2023-42072 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 5.5 Medium |
PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21311. | ||||
CVE-2023-42073 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | 5.5 Medium |
PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21323. | ||||
CVE-2025-20026 | 2025-05-16 | 6.1 Medium | ||
Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
CVE-2024-31150 | 2025-05-16 | 3.8 Low | ||
Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2025-20101 | 2025-05-16 | 8.4 High | ||
Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access. | ||||
CVE-2025-4638 | 1 Redhat | 1 Rhel Els | 2025-05-16 | 8.1 High |
A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib. | ||||
CVE-2023-46045 | 1 Graphviz | 1 Graphviz | 2025-05-15 | 7.8 High |
Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | ||||
CVE-2023-6387 | 1 Silabs | 1 Gecko Software Development Kit | 2025-05-15 | 7.5 High |
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | ||||
CVE-2023-43533 | 1 Qualcomm | 476 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 473 more | 2025-05-15 | 7.5 High |
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. | ||||
CVE-2022-25665 | 1 Qualcomm | 168 Aqt1000, Aqt1000 Firmware, Ar8035 and 165 more | 2025-05-15 | 6.8 Medium |
Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile | ||||
CVE-2022-25663 | 1 Qualcomm | 62 Aqt1000, Aqt1000 Firmware, Qca1062 and 59 more | 2025-05-15 | 5.5 Medium |
Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | ||||
CVE-2022-42901 | 1 Bentley | 2 Microstation, View | 2025-05-15 | 7.8 High |
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | ||||
CVE-2022-42900 | 1 Bentley | 2 Microstation, View | 2025-05-15 | 7.8 High |
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | ||||
CVE-2022-42899 | 1 Bentley | 2 Microstation, View | 2025-05-15 | 7.8 High |
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | ||||
CVE-2021-46840 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | 9.1 Critical |
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | ||||
CVE-2021-46839 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | 9.1 Critical |
The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | ||||
CVE-2022-38998 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | 7.5 High |
The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. |