Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-28023

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 May, 2021 | 04:24
Updated At-04 Aug, 2024 | 16:25
Rejected At-
Credits

Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 May, 2021 | 04:24
Updated At:04 Aug, 2024 | 16:25
Rejected At:
▼CVE Numbering Authority (CNA)

Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt
x_refsource_MISC
Hyperlink: https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt
x_refsource_MISC
x_transferred
Hyperlink: https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 May, 2021 | 13:15
Updated At:10 May, 2021 | 16:15

Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Exim
exim
>>exim>>Versions from 4.00(inclusive) to 4.94.2(exclusive)
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txtcve@mitre.org
Third Party Advisory
Hyperlink: https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

520Records found
CVE-2024-35371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.38%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-02 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

Action-Not Available
Vendor-n/aant-media
Product-n/aAnt-Media-Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-18060
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory read.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18053
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18058
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2017-17066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.35% / 79.35%
||
7 Day CHG+0.35%
Published-05 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.

Action-Not Available
Vendor-getkovrii2pdn/a
Product-kovrii2pdn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-40503
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Bluetooth Host.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm7325-ae_firmwaresa6150p_firmwareqcs610qca8337snapdragon_820_automotive_platform_firmwaresnapdragon_wear_2100_platform_firmwarewcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwareqca6335sm8350sdm670csra6620_firmwareqcs605_firmwarecsra6640_firmwareqcs6125_firmwareapq5053-aa_firmwarewcn685x-1qcs400_firmwaresm7350-ab_firmwaremsm8108sm4375wcn3998qca6554a_firmwaremsm8108_firmwareqam8295pwcn3950sm4125mdm9628sm6375_firmwarewcn3660bsm7150-acsm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwaresm6225-admsm8909wqca6420snapdragon_xr2\+_gen_1_platformsdx20mqca9367_firmware8909sm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqcs6125sm7250-ab_firmwareqca64308905_firmwarewcd9340sd626_firmwaresw5100qca64368953_firmwaresa6155pmsm8209_firmwarewcn685x-1_firmwaremdm9250_firmwaresm8150_firmwarewcd9341snapdragon_wear_2500_platformqca6696_firmwaresnapdragon_x12_lte_modemwcn3910_firmwaresm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresm7225_firmwarewcn3988sd660_firmwaresm4250-aa_firmwaresa8195p_firmwarewcn6750_firmwareqcn7606_firmwaresm6125_firmwaresa8295p_firmwarewcn3610msm8608sm6375sm6115_firmwareqca8337_firmwarewcd9380_firmwaresdm429wsw5100pmsm8996au_firmwarewcd9330snapdragon_w5\+_gen_1_wearable_platformqca6564ausdm429sd670_firmwareqca6574apq8053-acwcd9380qcs410apq8053-ac_firmwaresm7150-aa_firmwarec-v2x_9150_firmwareqcn9012_firmwaresd626qca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcs605wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910qca6320sdm429_firmwaremdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835wcn3980_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwarewcd9330_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresm7150-aasa8295psnapdragon_820_automotive_platformsm6350wcn6740_firmwaresm7125snapdragon_xr2_5g_platformapq8064au_firmwarear8031_firmwarewcn3680_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresdm660sm6350_firmware9206_lte_modem_firmwarewcn785x-1_firmwaresdm710sd670qca6564a_firmwareapq8053-lite_firmwareqcm4290_firmwaresnapdragon_x24_lte_modemsw5100p_firmwareqcs610_firmwaresa6145par8031qca6595_firmwaresa8145pqca6391_firmwarewcd9370_firmwareqm215_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psnapdragon_x20_lte_modemsnapdragon_1200_wearable_platformqcm2290qcn7606sdm845_firmwaresnapdragon_wear_2100_platformwsa8830sa8145p_firmwaresm6125snapdragon_x24_lte_modem_firmwareqcs2290_firmwarewcn785x-5mdm9628_firmwareflight_rb5_5g_platformmdm9650csra6620flight_rb5_5g_platform_firmwaresm7250-ac_firmwareqcs4290snapdragon_x20_lte_modem_firmwaremdm9250apq8053-liteqca6420_firmwareqca6390_firmwaresd730_firmwarewcd9370snapdragon_835_mobile_platform_firmwareqca6564sm6115qca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwaresm8450qca9377sm8250-abwcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresnapdragon_1200_wearable_platform_firmwareqam8295p_firmwaresm7325-afqcn9011_firmwaresnapdragon_x55_5g_modem-rf_systemqca6320_firmwarewcn3680b_firmwaresdx55_firmwaresda\/sdm845_firmwaresnapdragon_208_processor_firmwarewcn3615qca6595ausm7325-af_firmwaresm7250p_firmware8953wcn3610_firmwareqca6436_firmwaresm4350-acqrb5165nsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwareqca6584ausd778gsa6155p_firmwareqca6310apq8053-aa_firmwaresm6225snapdragon_208_processorqcs6490snapdragon_x5_lte_modem_firmware9206_lte_modemqca9367snapdragon_wear_3100_platformsm8250_firmwaresm8250-acwcn3988_firmwareqcn9074sa6145p_firmwareqm215sm6250sd778g_firmwaresm7250-aac-v2x_9150sa8195psxr1120sdm710_firmwareapq8017_firmwarewsa8810_firmwaresm4375_firmwaresm8450_firmwarewcd9326wcd9335apq8053-aaqca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwaresm7150-abqca6390wcd9375sda\/sdm845aqt1000apq8064au8909_firmwaresm6250_firmwaresm6150_firmwarewcn3620_firmwaresm8150wsa8815_firmwareqcm6490wsa8835_firmwarewcn3620sm7350-abapq8017sxr1120_firmwareqca6564awcn785x-1qcm6125_firmwaresnapdragon_x5_lte_modemqcm2290_firmwareapq5053-aawcn3990qca6554asdm845sd865_5g8953proqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888sm6150msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresnapdragon_835_mobile_platformsxr2130qca6574awcn685x-5_firmwareqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresm7250-abqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmware8953pro_firmwaremsm8209qrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwaresm8250-ab_firmwareqca6391aqt1000_firmwareqcm4290qcm6490_firmwaresnapdragon_xr1_platformwcn685x-5qcn9011sm6225_firmwareqca6574ausa8155p_firmwarewcd9341_firmwaresdx20m_firmwareqcm6125sm7250-aa_firmwarewsa88108905sm7250-acsm8150-ac_firmwarewcn3680bsm8350-acsd835_firmwareqca6564_firmwaresnapdragon_wear_2500_platform_firmwarewcn6740qca6696sm4350msm8608_firmwaresm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150psm7250psnapdragon_wear_3100_platform_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareqcs400sdm660_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-18051
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18059
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38981
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38998
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-18057
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18052
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.20%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 22:00
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.41%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 16:13
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

Action-Not Available
Vendor-n/aOpenWrt
Product-openwrtn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38984
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-15853
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.57%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-17 Sep, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33884
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.5||HIGH
EPSS-0.99% / 75.92%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:24
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_meputodesk® AutoCAD®, Advance Steel and Civil 3D®
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-34742
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.98%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:53
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-15837
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.57%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-16 Sep, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read in nla_get_u32().

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-16642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.79% / 90.16%
||
7 Day CHG~0.00%
Published-07 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.NetApp, Inc.The PHP Group
Product-storage_automation_storeclustered_data_ontapdebian_linuxphpubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33228
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33229
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9306mdm8207wcd9330wcn3999ar8031_firmwareqca4004_firmwaremdm9607_firmwarecsra6620qcs405qca4024_firmwareqts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810qca4020_firmwarewcd9335qca4010csra6620_firmwaremdm9206csra6640_firmwarear8031qcs405_firmwarewcd9335_firmwarewcn3980mdm8207_firmwaremdm9205_firmwaremdm9205mdm9206_firmwareqca4024wsa8815mdm9207_firmwareqca4004csra6640qca4020wsa8815_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqca4010_firmwaremdm9207qts110_firmwareSnapdragoncsra6640_firmwareqcs405_firmwarewcd9335_firmwarear8031_firmwaremdm8207_firmwaremdm9205_firmwareqca4004_firmwaremdm9607_firmwaremdm9206_firmwaremdm9207_firmwareqca4024_firmwarewcd9306_firmwarewsa8815_firmwarewsa8810_firmwarewcn3999_firmwareqca4020_firmwarewcn3980_firmwarewcd9330_firmwarecsra6620_firmwareqca4010_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33258
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure due to buffer over-read in modem while reading configuration parameters.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon9205_lte_modem_firmware9206_lte_modem_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwarewcd9306_firmwaresnapdragon_x5_lte_modem_firmwaremdm8207_firmwarewcd9330_firmwareqca4004_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33295
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33291
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_1100_wearable_platformwsa8830wcd9380_firmwaressg2125psxr2230p_firmware9207_lte_modemwcd9330wcn785x-59205_lte_modemcsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380snapdragon_wear_1300_platformcsra6620_firmwarehome_hub_100_platformssg2125p_firmwaressg2115pcsra6640_firmwarewcn685x-5_firmwaresxr1230pwcn685x-1qcs400_firmwarewcd9335_firmwarewcn3980wcn3998wcd9385_firmwaresnapdragon_1200_wearable_platform_firmwarewsa8815sxr2230pwcn3999_firmwarewcn3998_firmwarewcn785x-5_firmwarewcn3980_firmwarewcd9330_firmware9205_lte_modem_firmwarewcd9306mdm8207wcn3999snapdragon_x5_lte_modem_firmwarear8031_firmwarewsa8832_firmware9206_lte_modemwcn685x-5qca4004_firmware9206_lte_modem_firmwarewcn785x-1_firmwareqts110wcd9306_firmwarewsa8810_firmwarewsa8810home_hub_100_platform_firmwarewsa8832snapdragon_ar2_gen_1_platform_firmwarewcd9335qca4010snapdragon_ar2_gen_1_platformwcn685x-1_firmwaresnapdragon_wear_1300_platform_firmwarewcd93859207_lte_modem_firmwarear8031mdm8207_firmwareqca4024snapdragon_1100_wearable_platform_firmwareqca4004wsa8830_firmwarecsra6640wsa8815_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_1200_wearable_platformqcs400qca4010_firmwarewcn785x-1snapdragon_x5_lte_modemqts110_firmwareSnapdragon9205_lte_modem_firmwarewcd9380_firmwaresxr2230p_firmwaresmart_audio_400_platform_firmwarear8031_firmwaresnapdragon_x5_lte_modem_firmwarewsa8832_firmwarefastconnect_6900_firmwareqca4004_firmware9206_lte_modem_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwarefastconnect_7800_firmwarehome_hub_100_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwarecsra6620_firmwaressg2125p_firmwarecsra6640_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwarewcd9335_firmwaremdm8207_firmwarewcd9385_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarefastconnect_6200_firmwaressg2115p_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqca4010_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33271
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.09% / 26.72%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in WLAN

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_8cx_gen3_firmwareqca2066mdm9640_firmwaresm6250p_firmwaresa6150p_firmwareqcs610qca8337ar9380ipq8173_firmwareqca6431_firmwarewcd9360_firmwaresdx65qcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresa6155qca6335qca2062sd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresa415mwcn3998qca6554a_firmwarewcd9371_firmwareqam8295pwcn3950qcn6024_firmwaresd720gsm4125sd_8cx_gen2_firmwareipq8076aqca8386_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareqsm8350_firmwaresd710_firmwareqsm8350sd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwareqcn5164_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwareqca6420wcd9360sdx20mqcn9002qca9986sd680_firmwareipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwareqca6678aq_firmwarewcn3999sd_8cx_gen2qrb5165_firmwareipq5028qrb5165m_firmwareqca6698aqqcs6125sa8155_firmwareipq6010sd662_firmwareipq8068qcs405qca6430wcd9340qcn6132sd765gsw5100sd680qca6436wcn6851sa6155pqcs603_firmwarewcn7851_firmwareqca6698aq_firmwareqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca2066_firmwareqca6696_firmwareqca6431wcd9371sd870_firmwaresd750gqca1062ipq9008_firmwareqcn5154_firmwarewcn3910_firmwaresxr2150p_firmwaresd_8cxsa8150pwsa8830_firmwareqca9992_firmwaresd660sd865_5g_firmwaresnapdragon_4_gen_1sd712sd855_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475qcn5022_firmwareqcn7606_firmwarewcn6750_firmwaresa8295p_firmwaremdm9640ipq5018_firmwareqca9985_firmwarewcn3991qca8337_firmwarewcd9380_firmwaressg2125pipq8072aqca9980_firmwaresw5100pmsm8996au_firmwarewcd9330ipq8076a_firmwareipq8078qca8084qcn9001_firmwareipq8173sdx55m_firmwareqca6564auwcn6856_firmwareipq9008qcn5164sd670_firmwareqca6574csr8811_firmwarewcd9380qcn5054_firmwareqcs410qcn5024sd690_5g_firmwaresdx50m_firmwaresxr1230psdx24_firmwareqca8072_firmwareqca9985qcn9012_firmwareqca6430_firmwareqcn9274_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwareipq6018_firmwareqcm4325_firmwareqcs605wcd9340_firmwarewsa8815wcn6850sd7cpmp8074_firmwareqcn6112wcn3910qca6320qca9986_firmwareqca6426_firmwaresd695ipq6028ipq8064sd835pmp8074qca9984ipq9574_firmwarewcn3980_firmwareqcn9024sd730wcd9330_firmwaresdx55mipq8064_firmwareqcc5100_firmwaresa8295pqca6421_firmwareqca2062_firmwarewcn6740_firmwaresd821_firmwareqca6678aqsd678_firmwarear8031_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareqcs603ipq8070qca9994qca9980sd670qcn9024_firmwareipq8174_firmwaresd_636_firmwareqca6564a_firmwaresd480sd870wsa8832wcn6855qcn7605_firmwaresw5100p_firmwareqcs610_firmwareqsm8250sa6145pipq6018qca9886_firmwaresd695_firmwaresdxr1ar8031apq8096auqca6595_firmwareqcs405_firmwaresa8145psdm630_firmwaresd820_firmwareqca6391_firmwaresa4150p_firmwareqca4024wcd9370_firmwareqca2064sd780g_firmwaresdx55sd888_firmwareqcn5021_firmwaresa8155pcsra6640sd675ssg2115p_firmwaresxr2150par8035_firmwareqsm8250_firmwareqcn7606qcn5024_firmwarewcn3991_firmwarewsa8830sd678qcn9070sxr2230p_firmwaresa8145p_firmwareqca1062_firmwaresd7c_firmwarecsrb31024snapdragon_4_gen_1_firmwaresd_636csra6620qca8082qcn9072qca8386qca9992sd765g_firmwareqca6420_firmwareqca6390_firmwareqca2064_firmwaresd690_5gipq6000sd730_firmwarewcd9370sd675_firmwaressg2115pqcn5152_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwareqcn7605wcd9326_firmwareipq8074aqca2065sd662qcn5124_firmwareqam8295p_firmwareqcn6102_firmwareqcn9011_firmwareqca1064sa8155qcn6100_firmwareqca8082_firmwareqca6320_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewcn3999_firmwaresm7250p_firmwareqca6436_firmwareqrb5165nipq5010qca6564au_firmwareqca6584ausd778gsa6155p_firmwareqca6310qcn9274ipq8174wcn7851sa515m_firmwareqca9990qcn9001qcn5052qca9367qcs6490sdxr2_5gsdm630sd821qcn6112_firmwaresa415m_firmwarewcn3988_firmwareqcn9074sa6145p_firmwareqca6421qca8085sd778g_firmwaresm6250sa8195psd712_firmwarewsa8810_firmwaresd765_firmwarewcd9326wcd9335sg4150pqca8081qcn6023ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qca8085_firmwareqcs6490_firmwareqca2065_firmwaresd_8cx_gen3qca6390wcd9375sd750g_firmwareaqt1000ar8035csr8811sm6250_firmwareqcn9100_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwarewsa8815_firmwaresd820qcm6490wcn6850_firmwarewsa8835_firmwareqca6564asa4150psg4150p_firmwareqcm6125_firmwareqcm4325qca8072wcn3990qcn9000sd_675sd780gqca6554asd865_5gqca6595ar9380_firmwareqcc5100sdx24qcn9012sd888qcn6122_firmwareipq8065_firmwaresxr1230p_firmwarewsa8835msm8996ausd665_firmwaresd888_5gsm6250pqcn5154qca8075_firmwaresc8180xssg2125p_firmwareqca6574awcn6855_firmwareqca9889qca6174asm7325pqcn6132_firmwareqcn9003_firmwareqca9888qca6310_firmwareqca9994_firmwarewcn6750qcn9003ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886sd855sm4125_firmwaresm7325p_firmwaresd665sxr2230pipq8076sd765qca6574a_firmwareqcn5021qcn5152sd768g_firmwareqrb5165msd850_firmwaresm7315sd460qca6391sdxr1_firmwareaqt1000_firmwareqcn6102qcn9100sdx65_firmwarecsrb31024_firmwareqcm6490_firmwarewsa8832_firmwaresdx50mqcn9070_firmwaresdx20sd480_firmwareipq6028_firmwareipq8072a_firmwareqcn9011sc8180x_firmwaresd_455qca6574auqca9889_firmwaresd710sa8155p_firmwareqcn5122ipq9574wcd9341_firmwaresdx20m_firmwareqcm6125wsa8810wcn6856qcn5022sd835_firmwaresd768gipq6010_firmwareqca1064_firmwarewcn6740qca6696sd845_firmwaresa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022sd845qca9990_firmwareipq8070aqcn9002_firmwareqcn6100qcn9072_firmwaresm7250pipq6000_firmwaresd720g_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwaresd850Snapdragonqcn5024_firmwareqca9377_firmwaresd_8cx_gen3_firmwarewcn3991_firmwaremdm9640_firmwaresa6150p_firmwaresa8145p_firmwaresm6250p_firmwaresxr2230p_firmwareqca1062_firmwareipq8173_firmwareqca6431_firmwaresd7c_firmwaresnapdragon_4_gen_1_firmwarewcd9360_firmwareqca4024_firmwarewcn3950_firmwareipq5028_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresd765g_firmwareqca6390_firmwareqca2064_firmwaresd730_firmwaresd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcn5152_firmwareqcs6125_firmwareqca6584au_firmwarewcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca6554a_firmwaresd_8cx_firmwarewcd9371_firmwaresdxr2_5g_firmwaresd_8cx_gen2_firmwareqcn6024_firmwareqca8386_firmwarewcd9326_firmwarewcd9385_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareqsm8350_firmwaresd710_firmwareqcn5124_firmwaresd460_firmwareqam8295p_firmwareqcn6100_firmwareqcn6102_firmwareqcn9011_firmwareqca8082_firmwareqca6320_firmwaresm7315_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwaresa6155_firmwaresm7250p_firmwarewcn3998_firmwarewcn3999_firmwareqca6436_firmwareqca6564au_firmwaresd680_firmwareipq8070_firmwareqca9367_firmwaresa6155p_firmwareipq8078a_firmwareqca6678aq_firmwaresa515m_firmwareqrb5165_firmwareqrb5165m_firmwaresa8155_firmwaresd662_firmwareqcn6112_firmwaresa415m_firmwarewcn3988_firmwaresa6145p_firmwaresd712_firmwaresd778g_firmwarewsa8810_firmwaresd765_firmwareqcs603_firmwarewcn7851_firmwareqca6698aq_firmwareqca6174a_firmwareipq8071a_firmwareqca8085_firmwareqca9888_firmwareipq8068_firmwareqca2066_firmwareqca6696_firmwareqca2065_firmwareqcs6490_firmwaresd870_firmwareipq9008_firmwareqcn5154_firmwarewcn3910_firmwaresxr2150p_firmwaresd750g_firmwaresm6250_firmwareqcn9100_firmwarewsa8830_firmwareqca9992_firmwaresd855_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwaresd660_firmwarewcn6850_firmwarewcn7850_firmwaresa8195p_firmwarewsa8815_firmwarewsa8835_firmwareqcn5022_firmwareqcn7606_firmwaresa8295p_firmwarewcn6750_firmwaresg4150p_firmwareqcm6125_firmwareipq5018_firmwareqca9985_firmwareqca8337_firmwarewcd9380_firmwareqca9980_firmwaremsm8996au_firmwareipq8076a_firmwarear9380_firmwareqcn9001_firmwaresdx55m_firmwarewcn6856_firmwareqcn6122_firmwareipq8065_firmwaresd670_firmwaresxr1230p_firmwaresd665_firmwarecsr8811_firmwareqcn5054_firmwareqca8075_firmwaressg2125p_firmwaresd690_5g_firmwaresdx50m_firmwarewcn6855_firmwareqcn6132_firmwareqcn9003_firmwaresdx24_firmwareqca8072_firmwareqca6310_firmwareqca6430_firmwareqca9994_firmwareqcn5052_firmwareqcn9012_firmwareipq8070a_firmwareqcn9274_firmwarewcd9335_firmwareqca6335_firmwareipq6018_firmwareipq8076_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwaresm7325p_firmwarepmp8074_firmwareqca9986_firmwareqca6426_firmwareqca6574a_firmwaresd768g_firmwareipq9574_firmwaresd850_firmwarewcn3980_firmwaresdxr1_firmwarewcd9330_firmwareipq8064_firmwareqcc5100_firmwareqca6421_firmwareaqt1000_firmwareqca2062_firmwarewcn6740_firmwaresdx65_firmwaresd821_firmwaresd678_firmwarear8031_firmwarecsrb31024_firmwareqcm6490_firmwareipq8078_firmwarewsa8832_firmwareqcn9070_firmwaresd480_firmwarewcn6851_firmwareipq6028_firmwareipq8072a_firmwareqca9889_firmwaresa8155p_firmwaresd_636_firmwareqca6564a_firmwareipq8174_firmwareqcn9024_firmwarewcd9341_firmwaresdx20m_firmwareqcn7605_firmwaresw5100p_firmwareqcs610_firmwaresd835_firmwareqca9886_firmwaresd695_firmwareipq6010_firmwareqca6595_firmwareqcs405_firmwareqca1064_firmwaresdm630_firmwaresd820_firmwareqca6391_firmwaresa4150p_firmwaresd845_firmwaresd780g_firmwarewcd9370_firmwaresd888_firmwareqcn9022_firmwareqcn5021_firmwareapq8096au_firmwareqca9990_firmwareqcn9002_firmwareqcn9072_firmwareipq6000_firmwaresd720g_firmwaressg2115p_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwarear8035_firmwareqsm8250_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-14905
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.57%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2966
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.3||LOW
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 19:51
Updated-16 Apr, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DOPSoft Out-of-bounds Read

Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.28%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 00:00
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Action-Not Available
Vendor-n/aApple Inc.Debian GNU/LinuxRuby
Product-rubydebian_linuxmacosn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-14903
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.57%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28330
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.49%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 10:00
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
read beyond bounds in mod_isapi

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25732
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to buffer over read in dns client due to missing length check

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqts110_firmwareSnapdragonwcd9380_firmwaresxr2230p_firmwarear8031_firmwarewsa8832_firmwarewcn6856_firmwareqca4004_firmwaremdm9607_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwareqca4020_firmwaressg2125p_firmwarecsra6620_firmwarewcn7851_firmwarewcn6855_firmwarecsra6640_firmwareqcs405_firmwarewcd9335_firmwaremdm8207_firmwaremdm9205_firmwarewcd9385_firmwaremdm9206_firmwaremdm9207_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25726
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9306wcd9380_firmwarewsa8830snapdragon_wear_1300ssg2125psxr2230p_firmwaremdm8207snapdragon_wear_1200wcd9330snapdragon_x5_lte_modem_firmwarewsa8832_firmwarewcn785x-5wcn685x-5qca4004_firmwarewcn785x-1_firmwareqts110wcd9306_firmwaresxr1230p_firmwarewsa8835wcd9380wsa8832snapdragon_wear_1100_firmwaresnapdragon_ar2_gen_1_platform_firmwaresnapdragon_wear_1200_firmwaressg2125p_firmwaressg2115psnapdragon_ar2_gen_1_platformmdm9206wcn685x-5_firmwarewcn685x-1_firmwaresxr1230pwcd9385wcn685x-1snapdragon_x5_lte_modemmdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwarewcd9385_firmwaremdm9205mdm9206_firmwaremdm9207_firmwareqca4004sxr2230pwsa8830_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_wear_1300_firmwarewcn785x-5_firmwarewcd9330_firmwarewcn785x-1mdm9207qts110_firmwareSnapdragon9205_lte_modem_firmwarewcd9380_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwaresxr2230p_firmwaresnapdragon_x5_lte_modem_firmwaremdm8207_firmwarewsa8832_firmwarewcd9385_firmwarefastconnect_6900_firmwareqca4004_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmware9206_lte_modem_firmwarewsa8830_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8835_firmwarefastconnect_7800_firmwaressg2115p_firmwaresnapdragon_ar2_gen_1_platform_firmwarewcd9330_firmwaressg2125p_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25706
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.11% / 29.53%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:26
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm6250p_firmwareqcs610wcn3950_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917qcs605_firmwaresd_675_firmwaresd632wcn3998wcd9371_firmwarewcn3950sm4125sd720gsd_8_gen1_5g_firmwarewcn3660bsd450_firmwaresd710_firmwaresd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwaresa6155_firmwarewcn3998_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwaresm7450_firmwaresd680_firmwaresa8155_firmwaresd662_firmwareqca6430wcd9340qualcomm215_firmwaresd765gsw5100qca6436sd680wcn6851sa6155pqcs603_firmwarewcn7851_firmwarewcn3660_firmwarewcd9341qca6696_firmwarewcd9371sd750gsd870_firmwarewcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresd450wcn3991wcd9380_firmwaresdm429wmsm8996au_firmwaresw5100pqca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574sd632_firmwarewcd9380qualcomm215sd690_5g_firmwaresdx50m_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sd439_firmwareqca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320qca6426_firmwarewcn3660b_firmwarewcn3680sd695sd835wcn3980_firmwaresd730sdx55msm8475_firmwarewcn6740_firmwaremsm8953sd678_firmwarewcn3680_firmwarewcn6851_firmwareqcs603sd_636_firmwaresd670qca6564a_firmwareapq8009wqcm4290_firmwaresd480sd870wcn6855wsa8832sw5100p_firmwareqcs610_firmwaresa6145psd695_firmwaresdxr1apq8096ausdm630_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareapq8053sa8155psd675sd439wcn3660sm8475p_firmwareqcm2290wcn3991_firmwarewsa8830sd678qcs2290_firmwaresd_636qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6426wcn3990_firmwaresdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662sa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwareqca6595auwcn3615sm7250p_firmwareqca6436_firmwareqca6564au_firmwaresd778gsa6155p_firmwareqca6310wcn7851qcs6490sd429sdxr2_5gsdm630wcn3988_firmwaresa6145p_firmwaresd429_firmwaresm6250sd778g_firmwaresa8195papq8017_firmwarewsa8810_firmwaresd765_firmwarewcd9326wcd9335qcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000sm6250_firmwaremsm8953_firmwaremsm8917_firmwarewcn3620_firmwareqcm6490sd888_5g_firmwarewsa8835_firmwarewcn3620wcn6850_firmwarewsa8815_firmwaresm7450apq8017qca6564aqcm2290_firmwarewcn3990sd_675sd780gsd865_5gsd888msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gsm6250pqca6574awcn6855_firmwaresm7325pqca6310_firmwarewcn6750qca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665sd765qca6574a_firmwaresd768g_firmwaresm7315sd460qca6391sdxr1_firmwareaqt1000_firmwareqcm4290qcm6490_firmwaresdx50mwsa8832_firmwaresd480_firmwareqca6574ausa8155p_firmwaresd710wcd9341_firmwarewsa8810wcn6856wcn3680bsd835_firmwaresd768gwcn6740qca6696sd845_firmwaresdw2500apq8096au_firmwaresd845sm7250psd720g_firmwaresw5100_firmwaresm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25731
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.27%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Calculation of Buffer Size in MODEM

Information disclosure in modem due to buffer over-read while processing packets from DNS server

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwareqca4010wcd9330_firmwaresnapdragon_wear_1200_firmwareqca4010_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25872
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 20:05
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory.

Action-Not Available
Vendor-fast_string_search_projectn/a
Product-fast_string_searchfast-string-search
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25730
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to improper check of IP type while processing DNS server query

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9306wcd9380_firmwarewsa8830snapdragon_wear_1300ssg2125psxr2230p_firmwaremdm8207snapdragon_wear_1200wcd9330snapdragon_x5_lte_modem_firmwarewsa8832_firmwarewcn785x-5wcn685x-5qca4004_firmwarewcn785x-1_firmwareqts110wcd9306_firmwaresxr1230p_firmwarewsa8835wcd9380wsa8832snapdragon_ar2_gen_1_platform_firmwaresnapdragon_wear_1100_firmwareqca4010snapdragon_wear_1200_firmwaressg2125p_firmwaressg2115psnapdragon_ar2_gen_1_platformmdm9206wcn685x-5_firmwarewcn685x-1_firmwaresxr1230pwcd9385wcn685x-1snapdragon_x5_lte_modemmdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwarewcd9385_firmwaremdm9205mdm9206_firmwaremdm9207_firmwareqca4004sxr2230pwsa8830_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_wear_1300_firmwarewcn785x-5_firmwarewcd9330_firmwareqca4010_firmwarewcn785x-1mdm9207qts110_firmwareSnapdragonfastconnect_7800wcd9306snapdragon_1100_wearable_platformwsa8830sxr1230pssg2125pwcd93859207_lte_modemmdm8207wcd93309206_lte_modemfastconnect_6900snapdragon_ar2_gen1_platform9205_lte_modemqca4004sxr2230pqts110wsa8835wcd9380wsa8832snapdragon_1200_wearable_platformsnapdragon_x5_lte_firmwareqca4010snapdragon_wear_1300_platformssg2115p
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25747
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 17.71%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-11 Feb, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25738
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to buffer over-red while performing checksum of packet received

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcn3998wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335qca4010wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqca4010_firmwareqts110_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25728
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to buffer over-read while processing response from DNS server

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcn3998wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqts110_firmwareSnapdragonwcd9380_firmwaresxr2230p_firmwarear8031_firmwarewsa8832_firmwarewcn6856_firmwareqca4004_firmwaremdm9607_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwareqca4020_firmwaressg2125p_firmwarecsra6620_firmwarewcn7851_firmwarewcn6855_firmwarecsra6640_firmwareqcs405_firmwarewcd9335_firmwaremdm8207_firmwaremdm9205_firmwarewcd9385_firmwaremdm9206_firmwaremdm9207_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwarewcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-13261
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-21.50% / 95.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 17:00
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-13260
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-20.86% / 95.40%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 17:00
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-23483
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-09 Dec, 2022 | 17:50
Updated-23 Apr, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-Bound Read in libxrdp

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.

Action-Not Available
Vendor-neutrinolabsneutrinolabsDebian GNU/Linux
Product-debian_linuxxrdpxrdp
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23528
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-1.61% / 81.02%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23526
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-1.61% / 81.02%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23527
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-1.37% / 79.48%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 23:12
Updated-06 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21060
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.28%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-20 Feb, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20605
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.31%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-1738
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 17:24
Updated-16 Apr, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuji Electric D300win Out-of-bounds Read

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-d300winD300win
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-13258
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-17.01% / 94.72%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 17:00
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-48398
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 15:39
Updated-09 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • Next
Details not found