Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42070 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 5.5 MEDIUM |
| PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21179. | |||||
| CVE-2023-42068 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 5.5 MEDIUM |
| PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. . Was ZDI-CAN-20985. | |||||
| CVE-2023-42067 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 5.5 MEDIUM |
| PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20984. | |||||
| CVE-2023-42072 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 5.5 MEDIUM |
| PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21311. | |||||
| CVE-2023-42073 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 5.5 MEDIUM |
| PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21323. | |||||
| CVE-2023-46045 | 1 Graphviz | 1 Graphviz | 2025-05-15 | N/A | 7.8 HIGH |
| Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | |||||
| CVE-2022-25663 | 1 Qualcomm | 62 Aqt1000, Aqt1000 Firmware, Qca1062 and 59 more | 2025-05-15 | N/A | 5.5 MEDIUM |
| Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | |||||
| CVE-2022-25665 | 1 Qualcomm | 168 Aqt1000, Aqt1000 Firmware, Ar8035 and 165 more | 2025-05-15 | N/A | 7.1 HIGH |
| Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile | |||||
| CVE-2022-42900 | 1 Bentley | 2 Microstation, View | 2025-05-15 | N/A | 7.8 HIGH |
| Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | |||||
| CVE-2022-42901 | 1 Bentley | 2 Microstation, View | 2025-05-15 | N/A | 7.8 HIGH |
| Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | |||||
| CVE-2022-42899 | 1 Bentley | 2 Microstation, View | 2025-05-15 | N/A | 7.8 HIGH |
| Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | |||||
| CVE-2021-46839 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 9.1 CRITICAL |
| The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | |||||
| CVE-2021-46840 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 9.1 CRITICAL |
| The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | |||||
| CVE-2022-38984 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 7.5 HIGH |
| The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | |||||
| CVE-2022-38998 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 7.5 HIGH |
| The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | |||||
| CVE-2022-38981 | 1 Huawei | 1 Harmonyos | 2025-05-15 | N/A | 7.5 HIGH |
| The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage. | |||||
| CVE-2022-41594 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 3.4 LOW |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | |||||
| CVE-2022-41592 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 3.4 LOW |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | |||||
| CVE-2022-41580 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 9.8 CRITICAL |
| The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | |||||
| CVE-2022-41593 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 3.4 LOW |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | |||||