Total
7692 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20651 | 2025-03-03 | 4.1 Medium | ||
| In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062. | ||||
| CVE-2024-26660 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-03-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn301_stream_encoder_create reported by Smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5 | ||||
| CVE-2024-26665 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-03-03 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat, BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr ffff88811d402c80 by task netperf/820 CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543 ... kasan_report+0xd8/0x110 do_csum+0x220/0x240 csum_partial+0xc/0x20 skb_tunnel_check_pmtu+0xeb9/0x3280 vxlan_xmit_one+0x14c2/0x4080 vxlan_xmit+0xf61/0x5c00 dev_hard_start_xmit+0xfb/0x510 __dev_queue_xmit+0x7cd/0x32a0 br_dev_queue_push_xmit+0x39d/0x6a0 Use skb_checksum instead of csum_partial who cannot deal with non-linear SKBs. | ||||
| CVE-2025-21124 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-03-03 | 5.5 Medium |
| InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-36921 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-03-01 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: guard against invalid STA ID on removal Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would result in out-of-bounds array accesses. This prevents issues should the driver get into a bad state during error handling. | ||||
| CVE-2024-22273 | 2 Apple, Vmware | 5 Macos, Cloud Foundation, Esxi and 2 more | 2025-03-01 | 8.1 High |
| The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. | ||||
| CVE-2023-24872 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 8.8 High |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-21769 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2025-02-28 | 7.5 High |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2023-24924 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 8.8 High |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-32029 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-02-28 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-29373 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 8.8 High |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-32017 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 7.8 High |
| Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-32044 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 7.5 High |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2023-32045 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 7.5 High |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2023-32039 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-02-28 | 5.5 Medium |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | ||||
| CVE-2023-33162 | 1 Microsoft | 3 365 Apps, Office, Office Online Server | 2025-02-28 | 5.5 Medium |
| Microsoft Excel Information Disclosure Vulnerability | ||||
| CVE-2023-35296 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 6.5 Medium |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | ||||
| CVE-2025-1673 | 1 Zephyrproject | 1 Zephyr | 2025-02-28 | 8.2 High |
| A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation. | ||||
| CVE-2025-1674 | 1 Zephyrproject | 1 Zephyr | 2025-02-28 | 8.2 High |
| A lack of input validation allows for out of bounds reads caused by malicious or malformed packets. | ||||
| CVE-2025-1675 | 2025-02-28 | 8.2 High | ||
| The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data. | ||||