Total
8372 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41232 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | 5.5 Medium |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory. | ||||
| CVE-2023-40436 | 1 Apple | 1 Macos | 2025-11-04 | 9.1 Critical |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | ||||
| CVE-2023-40410 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory. | ||||
| CVE-2023-32029 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-04 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-1018 | 3 Microsoft, Redhat, Trustedcomputinggroup | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-11-04 | 5.5 Medium |
| An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. | ||||
| CVE-2022-4203 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Rhel Eus | 2025-11-04 | 4.9 Medium |
| A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | ||||
| CVE-2022-46378 | 1 Weston-embedded | 1 Uc-ftps | 2025-11-04 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command. | ||||
| CVE-2022-46377 | 1 Weston-embedded | 1 Uc-ftps | 2025-11-04 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command. | ||||
| CVE-2022-23124 | 2 Debian, Netatalk | 2 Debian Linux, Netatalk | 2025-11-04 | 9.8 Critical |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870. | ||||
| CVE-2022-23123 | 2 Debian, Netatalk | 2 Debian Linux, Netatalk | 2025-11-04 | 9.8 Critical |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830. | ||||
| CVE-2025-59275 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-11-04 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59232 | 1 Microsoft | 14 365, 365 Apps, Access and 11 more | 2025-11-04 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59208 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-11-04 | 7.1 High |
| Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55695 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-11-04 | 5.5 Medium |
| Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-50152 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-11-04 | 7.8 High |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59235 | 1 Microsoft | 14 365, 365 Apps, Access and 11 more | 2025-11-04 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-58717 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-11-04 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55700 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-11-04 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55681 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-11-04 | 7 High |
| Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55339 | 1 Microsoft | 7 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 4 more | 2025-11-04 | 7.8 High |
| Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally. | ||||