Total
8529 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53376 | 1 Linux | 1 Linux Kernel | 2025-12-12 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use number of bits to manage bitmap sizes To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long as unit. This gap causes memory access beyond the bitmap sizes and results in "BUG: KASAN: slab-out-of-bounds". The BUG was observed at firmware download to eHBA-9600. Call trace indicated that the out-of-bounds access happened in find_first_zero_bit() called from mpi3mr_send_event_ack() for miroc->evtack_cmds_bitmap. To fix the BUG, do not use bytes to manage bitmap sizes. Instead, use number of bits, and call bitmap helper functions which take number of bits as arguments. For memory allocation, call bitmap_zalloc() instead of kzalloc() and krealloc(). For memory free, call bitmap_free() instead of kfree(). For zero clear, call bitmap_clear() instead of memset(). Remove three fields for bitmap byte sizes in struct scmd_priv which are no longer required. Replace the field dev_handle_bitmap_sz with dev_handle_bitmap_bits to keep number of bits of removepend_bitmap across resize. | ||||
| CVE-2025-36918 | 1 Google | 1 Android | 2025-12-12 | 7.8 High |
| In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36921 | 1 Google | 1 Android | 2025-12-12 | 5.5 Medium |
| In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | ||||
| CVE-2025-59391 | 1 Libcoap | 1 Libcoap | 2025-12-12 | 6.5 Medium |
| A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service. | ||||
| CVE-2025-66589 | 1 Azeotech | 1 Daqfactory | 2025-12-12 | N/A |
| In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash. | ||||
| CVE-2025-55307 | 2 Foxit, Microsoft | 2 Pdf Editor, Windows | 2025-12-11 | 3.3 Low |
| An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption. | ||||
| CVE-2025-47914 | 1 Golang | 2 Crypto, Ssh | 2025-12-11 | 5.3 Medium |
| SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. | ||||
| CVE-2025-59275 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-12-11 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59232 | 1 Microsoft | 19 365, 365 Apps, Access and 16 more | 2025-12-11 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59208 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-12-11 | 7.1 High |
| Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55695 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-12-11 | 5.5 Medium |
| Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-50152 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-12-11 | 7.8 High |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59235 | 1 Microsoft | 19 365, 365 Apps, Access and 16 more | 2025-12-11 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-58717 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-12-11 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55700 | 1 Microsoft | 26 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 23 more | 2025-12-11 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55681 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2025-12-11 | 7 High |
| Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55339 | 1 Microsoft | 12 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 9 more | 2025-12-11 | 7.8 High |
| Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21074 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-11 | 4.3 Medium |
| Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||
| CVE-2025-39922 | 1 Linux | 1 Linux Kernel | 2025-12-11 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix incorrect map used in eee linkmode incorrectly used ixgbe_lp_map in loops intended to populate the supported and advertised EEE linkmode bitmaps based on ixgbe_ls_map. This results in incorrect bit setting and potential out-of-bounds access, since ixgbe_lp_map and ixgbe_ls_map have different sizes and purposes. ixgbe_lp_map[i] -> ixgbe_ls_map[i] Use ixgbe_ls_map for supported and advertised linkmodes, and keep ixgbe_lp_map usage only for link partner (lp_advertised) mapping. | ||||
| CVE-2025-60709 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2025-12-11 | 7.8 High |
| Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||