Total
8112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62525 | 1 Openwrt | 1 Openwrt | 2025-10-30 | N/A | 7.9 HIGH |
| OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting xrx200, danube and amazon SoCs from Lantiq/Intel/MaxLinear with the DSL in PTM mode. The DSL driver for the VRX518 is not affected. ATM mode is also not affected. Most VDSL lines use PTM mode and most ADSL lines use ATM mode. OpenWrt is normally running as a single user system, but some services are sandboxed. This vulnerability could allow attackers to escape a ujail sandbox or other contains. This is fixed in OpenWrt 24.10.4. There are no workarounds. | |||||
| CVE-2025-62492 | 1 Quickjs Project | 1 Quickjs | 2025-10-30 | N/A | 6.5 MEDIUM |
| A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negative fromIndex argument is supplied. * The fromIndex argument (read as a double variable, $d$) is used to calculate the starting position for the search. * If d is negative, the index is calculated relative to the end of the array by adding the array's length (len) to d: $$d_{new} = d + \text{len}$$ * Due to the inherent limitations of floating-point arithmetic, if the negative value $d$ is extremely small (e.g., $-1 \times 10^{-20}$), the addition $d + \text{len}$ can result in a loss of precision, yielding an outcome that is exactly equal to $\text{len}$. * The result is then converted to an integer index $k$: $k = \text{len}$. * The search function proceeds to read array elements starting from index $k$. Since valid indices are $0$ to $\text{len}-1$, starting the read at index $\text{len}$ is one element past the end of the array. This allows an attacker to cause an Out-of-Bounds Read of one element immediately following the buffer. While the scope of this read is small (one element), it can potentially lead to Information Disclosure of adjacent memory contents, depending on the execution environment. | |||||
| CVE-2021-25487 | 1 Samsung | 1 Android | 2025-10-30 | 4.6 MEDIUM | 7.3 HIGH |
| Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. | |||||
| CVE-2025-61043 | 2025-10-30 | N/A | 9.1 CRITICAL | ||
| An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This vulnerability may result in a crash or expose sensitive data. | |||||
| CVE-2025-62493 | 1 Quickjs Project | 1 Quickjs | 2025-10-29 | N/A | 6.5 MEDIUM |
| A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. * The function determines the number of characters (n_digits) needed for the string representation by calculating: $$ \\ \text{n\_digits} = (\text{n\_bits} + \text{log2\_radix} - 1) / \text{log2\_radix}$$ $$$$This formula is off-by-one in certain edge cases when calculating the necessary memory limbs. For instance, a 127-bit BigInt using radix 32 (where $\text{log2\_radix}=5$) is calculated to need $\text{n\_digits}=26$. * The maximum number of bits actually stored is $\text{n\_bits}=127$, which requires only two 64-bit limbs ($\text{JS\_LIMB\_BITS}=64$). * The conversion loop iterates $\text{n\_digits}=26$ times, attempting to read 5 bits in each iteration, totaling $26 \times 5 = 130$ bits. * In the final iterations of the loop, the code attempts to read data that spans two limbs: C c = (r->tab[pos] >> shift) | (r->tab[pos + 1] << (JS_LIMB_BITS - shift)); * Since the BigInt was only allocated two limbs, the read operation for r->tab[pos + 1] becomes an Out-of-Bounds Read when pos points to the last valid limb (e.g., $pos=1$). This vulnerability allows an attacker to cause the engine to read and process data from the memory immediately following the BigInt buffer. This can lead to Information Disclosure of sensitive data stored on the heap adjacent to the BigInt object. | |||||
| CVE-2025-37149 | 2025-10-28 | N/A | 6.0 MEDIUM | ||
| A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware. | |||||
| CVE-2025-21815 | 1 Linux | 1 Linux Kernel | 2025-10-28 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: mm/compaction: fix UBSAN shift-out-of-bounds warning syzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order) in isolate_freepages_block(). The bogus compound_order can be any value because it is union with flags. Add back the MAX_PAGE_ORDER check to fix the warning. | |||||
| CVE-2025-59275 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.8 HIGH |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55081 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-27 | N/A | 9.1 CRITICAL |
| In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside of the expected range, it could cause an out-of-bound read. | |||||
| CVE-2025-61863 | 1 Fujielectric | 1 Monitouch V-sft | 2025-10-27 | N/A | 7.8 HIGH |
| An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | |||||
| CVE-2025-61862 | 1 Fujielectric | 1 Monitouch V-sft | 2025-10-27 | N/A | 7.8 HIGH |
| An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | |||||
| CVE-2025-61861 | 1 Fujielectric | 1 Monitouch V-sft | 2025-10-27 | N/A | 7.8 HIGH |
| An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | |||||
| CVE-2025-61860 | 1 Fujielectric | 1 Monitouch V-sft | 2025-10-27 | N/A | 7.8 HIGH |
| An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | |||||
| CVE-2025-24991 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-55339 | 1 Microsoft | 7 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 4 more | 2025-10-27 | N/A | 7.8 HIGH |
| Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55085 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-27 | N/A | 7.5 HIGH |
| In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior. | |||||
| CVE-2025-23345 | 2025-10-27 | N/A | 4.4 MEDIUM | ||
| NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service. | |||||
| CVE-2025-55094 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | N/A | 7.5 HIGH |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options. | |||||
| CVE-2025-55087 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | N/A | 7.5 HIGH |
| In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters. | |||||
| CVE-2025-55093 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-24 | N/A | 5.3 MEDIUM |
| In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory. | |||||