Monthly
Out-of-bounds read in TDengine's SQL tokenizer (versions prior to 3.4.1.14) allows an authenticated user with SQL query access to crash the database server and potentially leak one byte of adjacent heap memory. The flaw resides in tGetToken() within source/libs/parser/src/parTokenizer.c, triggered by submitting a SQL string literal ending in a bare backslash (e.g., 'abc\). No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Denial of service in TDengine time-series database versions prior to 3.4.1.15 allows unauthenticated remote attackers to crash the server by sending a malformed compressed RPC packet. The transDecompressMsg() function trusts a compression-length field without verifying the packet is large enough to contain the 8-byte STransCompMsg header, leading to an out-of-bounds read, uncontrolled/underflowed allocation, and process crash. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; a vendor fix exists in 3.4.1.15.
Heap buffer over-read in NGINX Plus's MQTT filter module (ngx_stream_mqtt_filter_module) allows unauthenticated remote attackers to crash the NGINX worker process, causing a brief, recoverable service disruption. The vulnerability is data-plane only - no control plane exposure exists - and exploitation depends partly on runtime conditions outside the attacker's control, reflected by the CVSS 4.0 AT:P metric. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; F5 has released a patch documented in advisory K000162101.
ImageMagick before 7.1.2-26 (7.x branch) and 6.9.13-51 (6.x branch) discloses one byte of process memory beyond a profile boundary when the `identify` command is run with debug output enabled and the embedded profile ends with a non-printable byte. The out-of-bounds read (CWE-125) is highly conditional - requiring local access, explicit debug mode activation, and a specifically crafted profile payload - keeping real-world impact extremely low despite ImageMagick's broad deployment footprint. No public exploit code or active exploitation has been identified at time of analysis.
Out-of-bounds memory read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager exposes kernel and firmware memory contents to local administrators via a crafted IOCTL request that bypasses the driver's length validation. The vulnerability (CWE-125) is constrained to AV:L/PR:H, meaning exploitation requires prior establishment of local administrator access on a system where the affected ASUS software is installed. No public exploit code or active exploitation has been confirmed at time of analysis; the ASUS Security Advisory documents the remediation path.
Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.
Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.
Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds read in TDengine's SQL tokenizer (versions prior to 3.4.1.14) allows an authenticated user with SQL query access to crash the database server and potentially leak one byte of adjacent heap memory. The flaw resides in tGetToken() within source/libs/parser/src/parTokenizer.c, triggered by submitting a SQL string literal ending in a bare backslash (e.g., 'abc\). No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Denial of service in TDengine time-series database versions prior to 3.4.1.15 allows unauthenticated remote attackers to crash the server by sending a malformed compressed RPC packet. The transDecompressMsg() function trusts a compression-length field without verifying the packet is large enough to contain the 8-byte STransCompMsg header, leading to an out-of-bounds read, uncontrolled/underflowed allocation, and process crash. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; a vendor fix exists in 3.4.1.15.
Heap buffer over-read in NGINX Plus's MQTT filter module (ngx_stream_mqtt_filter_module) allows unauthenticated remote attackers to crash the NGINX worker process, causing a brief, recoverable service disruption. The vulnerability is data-plane only - no control plane exposure exists - and exploitation depends partly on runtime conditions outside the attacker's control, reflected by the CVSS 4.0 AT:P metric. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; F5 has released a patch documented in advisory K000162101.
ImageMagick before 7.1.2-26 (7.x branch) and 6.9.13-51 (6.x branch) discloses one byte of process memory beyond a profile boundary when the `identify` command is run with debug output enabled and the embedded profile ends with a non-printable byte. The out-of-bounds read (CWE-125) is highly conditional - requiring local access, explicit debug mode activation, and a specifically crafted profile payload - keeping real-world impact extremely low despite ImageMagick's broad deployment footprint. No public exploit code or active exploitation has been identified at time of analysis.
Out-of-bounds memory read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager exposes kernel and firmware memory contents to local administrators via a crafted IOCTL request that bypasses the driver's length validation. The vulnerability (CWE-125) is constrained to AV:L/PR:H, meaning exploitation requires prior establishment of local administrator access on a system where the affected ASUS software is installed. No public exploit code or active exploitation has been confirmed at time of analysis; the ASUS Security Advisory documents the remediation path.
Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.
Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.
Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.