Search Results (9603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-44821 1 Microsoft 12 365 Apps, Microsoft 365, Office 2016 and 9 more 2026-06-11 5.5 Medium
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45606 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 5.5 Medium
Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
CVE-2026-45457 1 Microsoft 7 365 Apps, Microsoft 365, Office 2021 and 4 more 2026-06-11 7.8 High
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-44820 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-06-11 7.8 High
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44822 1 Microsoft 12 365 Apps, Excel, Excel 2016 and 9 more 2026-06-11 8.2 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-45485 1 Microsoft 12 365 Apps, Microsoft 365, Office 2016 and 9 more 2026-06-11 3.3 Low
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45607 1 Microsoft 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more 2026-06-11 8.4 High
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-46433 2 Lldpd, Lldpd Project 2 Lldpd, Lldpd 2026-06-11 6.5 Medium
lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 * ETHER_ADDR_LEN but should be s - 2 * ETHER_ADDR_LEN - 4, causing a 4-byte heap buffer over-read past the malloc(h_mtu) allocation when the received frame size equals the interface MTU. This issue has been patched in version 1.0.22.
CVE-2026-45160 1 Espressif 1 Esp-idf 2026-06-11 6.5 Medium
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.
CVE-2026-45329 1 Espressif 1 Esp-idf 2026-06-11 7.1 High
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. This issue has been patched in versions 5.5.5 and 6.0.1.
CVE-2026-45641 1 Microsoft 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more 2026-06-11 8.4 High
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-46532 1 Espressif 1 Esp-idf 2026-06-11 4.6 Medium
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.
CVE-2026-42837 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-06-11 7.8 High
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-44185 1 Apache 1 Http Server 2026-06-11 7.3 High
Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
CVE-2026-43951 1 Apache 1 Http Server 2026-06-11 6.5 Medium
Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
CVE-2026-46185 1 Linux 1 Linux Kernel 2026-06-11 9.1 Critical
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlink_data() Since smb2_check_message() returns success without length validation for the symlink error response, in symlink_data() it is possible for iov->iov_len to be smaller than sizeof(struct smb2_err_rsp). If the buffer only contains the base SMB2 header (64 bytes), accessing err->ErrorContextCount (at offset 66) or err->ByteCount later in symlink_data() will cause an out-of-bounds read.
CVE-2026-24196 1 Nvidia 7 Geforce, Gpu Display Driver, Guest Driver and 4 more 2026-06-11 7.1 High
NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
CVE-2026-11279 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 8.8 High
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5713 1 Python 1 Cpython 2026-06-10 6.0 Medium
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
CVE-2026-4424 2 Libarchive, Redhat 21 Libarchive, Ai Inference Server, Discovery and 18 more 2026-06-10 7.5 High
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.