Total
13113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6033 | 1 Ni | 1 Circuit Design Suite | 2025-10-07 | 7.8 High |
| There is a memory corruption vulnerability due to an out of bounds write in XML_Serialize() when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.1 and prior versions. | ||||
| CVE-2024-41056 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-10-07 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size array. cs_dsp should protect against overrunning the array if the NUL terminator is missing. | ||||
| CVE-2024-40987 | 1 Linux | 1 Linux Kernel | 2025-10-06 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. | ||||
| CVE-2024-40988 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-10-06 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. | ||||
| CVE-2024-45543 | 1 Qualcomm | 130 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6200 and 127 more | 2025-10-06 | 6.6 Medium |
| Memory corruption while accessing MSM channel map and mixer functions. | ||||
| CVE-2025-21439 | 1 Qualcomm | 50 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 47 more | 2025-10-06 | 7.8 High |
| Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer. | ||||
| CVE-2025-1122 | 1 Google | 2 Chrome, Chrome Os | 2025-10-06 | 6.7 Medium |
| Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | ||||
| CVE-2025-1292 | 1 Google | 2 Chrome, Chrome Os | 2025-10-06 | 6.7 Medium |
| Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | ||||
| CVE-2025-59729 | 1 Ffmpeg | 1 Ffmpeg | 2025-10-06 | N/A |
| When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000) for example 0x101000 bytes, then at [0] we have size = 0x101000. At [1] we have end_buffer_size = 0x100000, and at [2] we have end_buffer_pos = 0x1000. The loop then scans backwards through the buffer looking for the dhav tag; when it is found, we'll calculate end_pos based on a 32-bit offset read from the buffer. There is subsequently a check [3] that end_pos is within the section of the file that has been copied into end_buffer, but it only correctly handles the cases where end_pos is before the start of the file or after the section copied into end_buffer, and not the case where end_pos is within the the file, but before the section copied into end_buffer. If we provide such an offset, (end_pos - end_buffer_pos) can underflow, resulting in the subsequent access at [4] occurring before the beginning of the allocation. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-59730 | 1 Ffmpeg | 1 Ffmpeg | 2025-10-06 | N/A |
| When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow. process_frame_obj initializes the buffers based on the frame resolution: We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-8893 | 1 Autodesk | 12 Advance Steel, Autocad, Autocad Architecture and 9 more | 2025-10-06 | 7.8 High |
| A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-23275 | 3 Linux, Microsoft, Nvidia | 6 Linux Kernel, Windows, Cuda Toolkit and 3 more | 2025-10-06 | 4.2 Medium |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure. | ||||
| CVE-2024-31980 | 1 Siemens | 1 Parasolid | 2025-10-03 | 7.8 High |
| A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468) | ||||
| CVE-2024-34086 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-10-03 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-30175 | 1 Siemens | 5 Simatic Pcs Neo, Sinec Nms, Sinema Remote Connect and 2 more | 2025-10-03 | 7.5 High |
| A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. | ||||
| CVE-2025-46152 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. | ||||
| CVE-2025-9230 | 1 Openssl | 1 Openssl | 2025-10-02 | 7.5 High |
| Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. | ||||
| CVE-2025-20980 | 1 Google | 1 Android | 2025-10-02 | 4 Medium |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. | ||||
| CVE-2025-20979 | 1 Google | 1 Android | 2025-10-02 | 8.4 High |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-52064 | 1 Rti | 1 Connext Professional | 2025-10-02 | 7.1 High |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | ||||