Total
7990 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6652 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-01 | N/A |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26724. | ||||
| CVE-2025-6650 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-01 | N/A |
| PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26712. | ||||
| CVE-2025-6662 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-01 | N/A |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26985. | ||||
| CVE-2025-21383 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-07-01 | 7.8 High |
| Microsoft Excel Information Disclosure Vulnerability | ||||
| CVE-2024-56427 | 1 Samsung | 36 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 33 more | 2025-07-01 | 6.5 Medium |
| An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target. | ||||
| CVE-2025-27891 | 1 Samsung | 34 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 31 more | 2025-07-01 | 9.1 Critical |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets. | ||||
| CVE-2024-50600 | 1 Samsung | 20 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 17 more | 2025-07-01 | 7.5 High |
| An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access. An attacker can send a malformed message to the target through the Wi-Fi driver. | ||||
| CVE-2023-4428 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-01 | 8.1 High |
| Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-4042 | 2 Artifex, Redhat | 9 Ghostscript, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 6 more | 2025-07-01 | 5.5 Medium |
| A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. | ||||
| CVE-2025-6658 | 2025-06-30 | N/A | ||
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26733. | ||||
| CVE-2024-29219 | 1 Keyence | 6 Kv Replay Viewer, Kv Studio, Vt5-wx12 and 3 more | 2025-06-30 | 7.8 High |
| Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. | ||||
| CVE-2024-28894 | 1 Nxtech | 3 Cente Ipv6, Cente Ipv6 Snmpv2, Cente Ipv6 Snmpv3 | 2025-06-30 | 5.3 Medium |
| Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet. | ||||
| CVE-2024-23911 | 1 Nxtech | 3 Cente Ipv6, Cente Ipv6 Snmpv2, Cente Ipv6 Snmpv3 | 2025-06-30 | 7.5 High |
| Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet. | ||||
| CVE-2021-3643 | 1 Sound Exchange Project | 1 Sound Exchange | 2025-06-27 | 9.1 Critical |
| A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. | ||||
| CVE-2024-37400 | 1 Ivanti | 1 Connect Secure | 2025-06-27 | N/A |
| An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. | ||||
| CVE-2024-38654 | 1 Ivanti | 1 Secure Access Client | 2025-06-27 | N/A |
| Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. | ||||
| CVE-2024-56184 | 1 Google | 1 Android | 2025-06-27 | 5.1 Medium |
| In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-56185 | 1 Google | 1 Android | 2025-06-27 | 5.1 Medium |
| In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | ||||
| CVE-2024-56186 | 1 Google | 1 Android | 2025-06-27 | 5.1 Medium |
| In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-56187 | 1 Google | 1 Android | 2025-06-27 | 6.6 Medium |
| In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||