Total
407 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60720 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2025-11-25 | 7.8 High |
| Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21484 | 1 Qualcomm | 347 Apq8064au, Apq8064au Firmware, Aqt1000 and 344 more | 2025-11-25 | 8.2 High |
| Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet. | ||||
| CVE-2025-59192 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2025-11-22 | 7.8 High |
| Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55325 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-11-22 | 5.5 Medium |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-54901 | 1 Microsoft | 14 365, 365 Apps, Excel and 11 more | 2025-11-20 | 5.5 Medium |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-53806 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2025-11-20 | 6.5 Medium |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-53796 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2025-11-20 | 6.5 Medium |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-53798 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2025-11-20 | 6.5 Medium |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-53797 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2025-11-20 | 6.5 Medium |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2024-31082 | 1 Redhat | 1 Enterprise Linux | 2025-11-20 | 7.3 High |
| A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | ||||
| CVE-2024-31081 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-11-20 | 7.3 High |
| A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | ||||
| CVE-2024-31080 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-11-20 | 7.3 High |
| A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | ||||
| CVE-2025-63602 | 1 Intellibreeze | 1 Awesomeminer | 2025-11-19 | 7.3 High |
| A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts. | ||||
| CVE-2025-53736 | 1 Microsoft | 15 365, 365 Apps, Office and 12 more | 2025-11-10 | 6.8 Medium |
| Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-32053 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-11-06 | 6.5 Medium |
| A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. | ||||
| CVE-2025-32052 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-11-06 | 6.5 Medium |
| A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. | ||||
| CVE-2025-12745 | 1 Quickjs-ng | 1 Quickjs | 2025-11-06 | 5.3 Medium |
| A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2025-27041 | 1 Qualcomm | 127 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 124 more | 2025-11-05 | 5.5 Medium |
| Transient DOS while processing video packets received from video firmware. | ||||
| CVE-2025-27045 | 1 Qualcomm | 37 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 34 more | 2025-11-05 | 6.1 Medium |
| Information disclosure while processing batch command execution in Video driver. | ||||
| CVE-2025-27049 | 1 Qualcomm | 63 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 60 more | 2025-11-05 | 5.5 Medium |
| Transient DOS while processing IOCTL call for image encoding. | ||||