Total
8050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20648 | 2 Google, Mediatek | 10 Android, Mt2718, Mt6879 and 7 more | 2025-04-22 | 5.5 Medium |
| In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09456673; Issue ID: MSV-2584. | ||||
| CVE-2025-20651 | 5 Google, Linuxfoundation, Mediatek and 2 more | 25 Android, Yocto, Mt2737 and 22 more | 2025-04-22 | 4.1 Medium |
| In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062. | ||||
| CVE-2025-20652 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2025-04-22 | 4.6 Medium |
| In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052. | ||||
| CVE-2025-2724 | 2025-04-22 | 3.3 Low | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via gsf_msole_sorting_key_new which adds that extra zero element". | ||||
| CVE-2023-42982 | 1 Apple | 1 Macos | 2025-04-21 | 6.4 Medium |
| Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks. | ||||
| CVE-2022-32916 | 1 Apple | 1 Iphone Os | 2025-04-21 | 5.5 Medium |
| An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may be able to disclose kernel memory. | ||||
| CVE-2022-32943 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 5.3 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. | ||||
| CVE-2022-32942 | 1 Apple | 1 Macos | 2025-04-21 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-46393 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2025-04-21 | 9.8 Critical |
| An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. | ||||
| CVE-2022-42851 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2025-04-21 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure of user information. | ||||
| CVE-2022-20513 | 1 Google | 1 Android | 2025-04-21 | 5.5 Medium |
| In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759 | ||||
| CVE-2022-20563 | 1 Google | 1 Android | 2025-04-21 | 6.7 Medium |
| In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A | ||||
| CVE-2022-20541 | 1 Google | 1 Android | 2025-04-21 | 4.2 Medium |
| In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126 | ||||
| CVE-2022-20527 | 1 Google | 1 Android | 2025-04-21 | 5.5 Medium |
| In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861 | ||||
| CVE-2022-20523 | 1 Google | 1 Android | 2025-04-21 | 6.1 Medium |
| In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508 | ||||
| CVE-2022-2785 | 1 Linux | 1 Linux Kernel | 2025-04-21 | 6.7 Medium |
| There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c | ||||
| CVE-2022-39157 | 1 Siemens | 1 Parasolid | 2025-04-21 | 7.8 High |
| A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184), Simcenter Femap (All versions < V2023.1). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745) | ||||
| CVE-2022-41661 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-04-21 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2022-41662 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-04-21 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2022-41281 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-04-21 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||