CVE-2025-12745 QuickJS quickjs.c js_array_buffer_slice buffer over-read

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function jsarraybufferslice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function jsarraybufferslice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

PT-2025-45149

Name of the Vulnerable Software and Affected Versions QuickJS versions prior to eb2c89087def1829ed99630cb14b549d7a98408c Description A flaw exists in QuickJS that allows for a buffer over-read. This issue is related to the js array buffer slice function within the quickjs.c file. Exploitation is...

CVE-2025-47368

CVE-2025-47368 affects Qualcomm DSP Service (Memory corruption in MCDM IOCTL processing when dereferencing an invalid userspace address in a user buffer). The CVSS v3.1 vector indicates a Local, Low-Complexity exploit with Low Privileges Required, no user interaction, and impacts on confidentiali...

CVE-2025-47362

CVE-2025-47362 affects an Automotive Software platform based on QNX . The issue is an information disclosure triggered by processing a client message with an invalid payload, attributed to a buffer over-read in the affected software component. Documented impact indicates high confidentiality risk...

CVE-2025-27064 Buffer Over-read in Core Services

Information disclosure while registering commands from clients with diag through diagHal...

CVE-2025-27064 Buffer Over-read in Core Services

Information disclosure while registering commands from clients with diag through diagHal...

PT-2025-44929

Name of the Vulnerable Software and Affected Versions Automotive Software platform based on QNX affected versions not specified Description An information disclosure issue exists when processing messages from a client with an invalid payload. The issue involves a buffer over-read. Recommendations...

PT-2025-44932

Name of the Vulnerable Software and Affected Versions versions prior to 2025 Description A memory corruption issue exists when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing. This can lead to a buffer over-read in the DSP Service. Recommendations At the...

PT-2025-44921

Name of the Vulnerable Software and Affected Versions Core Services affected versions not specified Description An information disclosure issue exists when registering commands from clients using diag through diagHal. The issue involves a buffer over-read. Recommendations At the moment, there is ...

Astra Linux – Vulnerability in libssh2

The vulnerability of the libssh2ntohu32 function in the SSH2 protocol implementation library Libssh2 involves reading data beyond the allowable buffer size. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and also cause service failures...

Astra Linux – Vulnerability in gst-plugins-good1.0

In GStreamer through 1.26.1, the isomp4 plugin’s qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, potentially leading to information disclosure...

Astra Linux – Vulnerability in apt

The vulnerability of the PackageFromTask function in the software for installing, updating, and deleting Apt software packages is related to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to cause service failures...

Astra Linux - уязвимость в vim

Buffer Over-read in GitHub repository vim/vim prior to 8.2...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...

CVE-2025-62787

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when childattrp-attributesj is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

CVE-2025-62792

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in wexpressionmatch when strlen is called on strtest, because the corresponding buffer is not being properly NULL terminated during its allocation in OSCleanMSG...

CVE-2025-62787

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when childattrp-attributesj is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

EUVD-2025-36674

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in wexpressionmatch when strlen is called on strtest, because the corresponding buffer is not being properly NULL terminated during its allocation in OSCleanMSG...

EUVD-2025-36682

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when childattrp-attributesj is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...