Total
9206 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29913 | 1 Nasa | 1 Cryptolib | 2025-05-07 | 9.8 Critical |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_TC_Prep_AAD` function of CryptoLib versions 1.3.3 and prior. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted telecommand (TC) frame that causes an unsigned integer underflow. The vulnerability lies in the function `Crypto_TC_Prep_AAD`, specifically during the computation of `tc_mac_start_index`. The affected code incorrectly calculates the MAC start index without ensuring it remains within the bounds of the `ingest` buffer. When `tc_mac_start_index` underflows due to an incorrect length calculation, the function attempts to access an out-of-bounds memory location, leading to a segmentation fault. The vulnerability is still present in the repository as of commit `d3cc420ace96d02a5b7e83d88cbd2e48010d5723`. | ||||
| CVE-2025-21530 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-05-07 | 4.3 Medium |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2022-39836 | 1 Genivi | 1 Diagnostic Log And Trace | 2025-05-07 | 5.5 Medium |
| An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. | ||||
| CVE-2021-46848 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Libtasn1 and 2 more | 2025-05-07 | 9.1 Critical |
| GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | ||||
| CVE-2022-43280 | 1 Webassembly | 1 Wabt | 2025-05-07 | 7.1 High |
| wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. | ||||
| CVE-2024-23533 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 6.5 Medium |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-23532 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution. | ||||
| CVE-2022-44081 | 1 Lodev | 1 Lodepng | 2025-05-06 | 5.5 Medium |
| Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. | ||||
| CVE-2022-32936 | 1 Apple | 1 Macos | 2025-05-06 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory. | ||||
| CVE-2018-6340 | 1 Facebook | 1 Hhvm | 2025-05-06 | 8.1 High |
| The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below). | ||||
| CVE-2024-23530 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-23529 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-23528 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-23526 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2018-20618 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2025-05-06 | 8.8 High |
| ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c. | ||||
| CVE-2024-23527 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2022-3576 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-05-05 | 5.3 Medium |
| A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | ||||
| CVE-2022-43359 | 1 Gifdec Project | 1 Gifdec | 2025-05-05 | 7.8 High |
| Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. | ||||
| CVE-2024-35385 | 1 Cesanta | 1 Mjs | 2025-05-05 | 4.3 Medium |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file. | ||||
| CVE-2022-21730 | 1 Google | 1 Tensorflow | 2025-05-05 | 8.1 High |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | ||||