Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft SQL Server Denial of Service Vulnerability
Microsoft Excel Information Disclosure Vulnerability
Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Information Disclosure Vulnerability
Windows Kernel Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Microsoft Excel Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Windows iSCSI Discovery Service Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Microsoft PostScript Printer Driver Remote Code Execution Vulnerability
Windows Digital Media Elevation of Privilege Vulnerability
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them against actual buffer boundaries. All primitive decoders are affected: ber_decode_INTEGER, ber_decode_SEQUENCE, ber_decode_OCTET_STRING, ber_decode_BIT_STRING, and ber_decode_CHOICE. Additionally, ber_decode_INTEGER can produce integer underflows when the encoded length is zero. An attacker supplying a malformed BER-encoded cryptographic object through PKCS#11 operations such as C_CreateObject or C_UnwrapKey, token loading from disk, or remote backend communication can trigger out-of-bounds reads. This affects all token backends (Soft, ICA, CCA, TPM, EP11, ICSF) since the vulnerable code is in the shared common library. A patch is available thorugh commit ed378f463ef73364c89feb0fc923f4dc867332a3.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.