105 matches found
CVE-2026-45160
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...
CLSA-2026-1778004214 vim: Fix of 5 CVEs
CVE-2022-2124: fix out-of-bounds read in currentquote when searching for quotes goes over the end of the line textobject.c, upstream patch 8.2.5120 - CVE-2022-2126: fix invalid index use in suggesttriewalk when tsfidx is zero spellsuggest.c, upstream patch 8.2.5123 - CVE-2022-2207: fix read...
CLSA-2026-1777980164 vim: Fix of 5 CVEs
CVE-2022-2124: fix out-of-bounds read in currentquote when searching for quotes goes over the end of the line textobject.c, upstream patch 8.2.5120 - CVE-2022-2126: fix invalid index use in suggesttriewalk when tsfidx is zero spellsuggest.c, upstream patch 8.2.5123 - CVE-2022-2207: fix read...
CLSA-2026-1777540266 vim: Fix of 10 CVEs
CVE-2022-2182: in doonecmd, after ";" sets curwin-wcursor.lnum to ea.line2, call checkcursor instead of checkcursorlnum so the column is validated too, and fall back to checkcursorcol when ea.line2 is zero, preventing read past end-of-line on ":0;'". - CVE-2022-2206: in checkshellsize, clamp...
Adobe InDesign < 20.5.3 / 21.0 < 21.3.0 Multiple Vulnerabilities (APSB26-32) (macOS)
The version of Adobe InDesign installed on the remote macOS host is prior to 20.5.3, 21.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-32 advisory. - Heap-based Buffer Overflow CWE-122 potentially leading to Arbitrary code execution CVE-2026-34627,...
CVE-2026-21345
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2022-37368
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-17401
This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...
bnxt: Do not read past the end of test names
...
EulerOS 2.0 SP12 : libarchive (EulerOS-SA-2025-2013)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and...
Linux Distros Unpatched Vulnerability : CVE-2022-1534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Over-read at parserawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intente...
CVE-2025-7033
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...
AZL-63851 CVE-2025-5918 affecting package libarchive for versions less than 3.6.1-7
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memo...
CVE-2021-31446
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PT-2024-17649 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this,...
CVE-2024-9767
IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...
CVE-2024-11529
CVE-2024-11529 affects IrfanView due to an out-of-bounds read in the DWG file parser that can lead to remote code execution . The vulnerability arises from insufficient validation of user-supplied data, causing a read past the end of an allocated buffer. Exploitation requires user interaction (ta...
PT-2024-39826 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploi...
PT-2024-39821 · Tungsten Automation · Tungsten Automation Power Pdf
Name of the Vulnerable Software and Affected Versions: Tungsten Automation Power PDF affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious...