| 2025-01-21 | CVE-2024-24417 | Out-of-bounds Read vulnerability in Linuxfoundation Magma
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. | 7.5 |
| 2025-01-15 | CVE-2025-0437 | Out-of-bounds Read vulnerability in Google Chrome
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2025-01-14 | CVE-2024-48855 | Out-of-bounds Read vulnerability in Blackberry QNX Software Development Platform 7.0/7.1/8.0
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | 7.5 |
| 2025-01-14 | CVE-2024-46670 | Out-of-bounds Read vulnerability in Fortinet Fortios
An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests. | 7.5 |
| 2025-01-09 | CVE-2025-21598 | An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS: * from 21.2R3-S8 before 21.2R3-S9, * from 21.4R3-S7 before 21.4R3-S9, * from 22.2R3-S4 before 22.2R3-S5, * from 22.3R3-S2 before 22.3R3-S4, * from 22.4R3 before 22.4R3-S5, * from 23.2R2 before 23.2R2-S2, * from 23.4R1 before 23.4R2-S1, * from 24.2R1 before 24.2R1-S1, 24.2R2. Junos OS Evolved: * from 21.4R3-S7-EVO before 21.4R3-S9-EVO, * from 22.2R3-S4-EVO before 22.2R3-S5-EVO, * from 22.3R3-S2-EVO before 22.3R3-S4-EVO, * from 22.4R3-EVO before 22.4R3-S5-EVO, * from 23.2R2-EVO before 23.2R2-S2-EVO, * from 23.4R1-EVO before 23.4R2-S1-EVO, * from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue requires a BGP session to be established. This issue can propagate and multiply through multiple ASes until reaching vulnerable devices. This issue affects iBGP and eBGP. This issue affects IPv4 and IPv6. An indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue: For example, by issuing the command on the neighboring device: show log messages Reviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating: rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>) and rpd[<pid>]: Malformed Attribute | 7.5 |
| 2025-01-06 | CVE-2024-23366 | Out-of-bounds Read vulnerability in Qualcomm products
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. | 5.5 |
| 2025-01-06 | CVE-2024-33061 | Out-of-bounds Read vulnerability in Qualcomm products
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. | 5.5 |
| 2025-01-06 | CVE-2024-33067 | Out-of-bounds Read vulnerability in Qualcomm products
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | 5.5 |
| 2025-01-06 | CVE-2024-43063 | Out-of-bounds Read vulnerability in Qualcomm products
information disclosure while invoking the mailbox read API. | 5.5 |
| 2025-01-06 | CVE-2024-45546 | Out-of-bounds Read vulnerability in Qualcomm products
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. | 7.8 |