Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-39908

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Aug, 2023 | 00:00
Updated At-09 Oct, 2024 | 15:05
Rejected At-
Credits

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Aug, 2023 | 00:00
Updated At:09 Oct, 2024 | 15:05
Rejected At:
▼CVE Numbering Authority (CNA)

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.yubico.com/support/security-advisories/ysa-2023-01/
N/A
https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
N/A
Hyperlink: https://www.yubico.com/support/security-advisories/ysa-2023-01/
Resource: N/A
Hyperlink: https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.yubico.com/support/security-advisories/ysa-2023-01/
x_transferred
https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
x_transferred
Hyperlink: https://www.yubico.com/support/security-advisories/ysa-2023-01/
Resource:
x_transferred
Hyperlink: https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Aug, 2023 | 19:15
Updated At:25 Aug, 2023 | 21:15

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
yubico
yubico
>>yubihsm_2_sdk>>Versions before 2023.08(exclusive)
cpe:2.3:a:yubico:yubihsm_2_sdk:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/cve@mitre.org
N/A
https://www.yubico.com/support/security-advisories/ysa-2023-01/cve@mitre.org
Patch
Vendor Advisory
Hyperlink: https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.yubico.com/support/security-advisories/ysa-2023-01/
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

316Records found
CVE-2019-8032
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 87.71%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:52
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8105
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:29
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-7061
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.06% / 83.16%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 17:27
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8094
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 87.71%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:09
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8018
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 87.71%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:43
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8004
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 87.71%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:34
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8103
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:27
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8164
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.91% / 82.52%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:13
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8005
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:37
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-24473
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 29.01%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 15:47
Updated-02 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-openimageioOpenImageIO Projectopenimageio
Product-openimageioOpenImageIOopenimageio
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8011
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:40
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2208
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.42% / 60.93%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 17:42
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138441919

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21224
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.62% / 68.97%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265276966References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21353
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.25%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21197
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.37%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251427561

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21180
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.89%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261365944

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-7108
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.15% / 86.37%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:49
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Google LLCAdobe Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindows_8.1chrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10flash_playerAdobe Flash Player
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.29%
||
7 Day CHG~0.00%
Published-08 Sep, 2019 | 02:40
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.

Action-Not Available
Vendor-symonicsn/aCanonical Ltd.
Product-libmysofaubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5747
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.35%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 16:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.

Action-Not Available
Vendor-busyboxn/aCanonical Ltd.
Product-busyboxubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16458
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.58%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:54
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16461
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.58%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:58
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16457
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.58%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:53
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9627
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG+0.62%
Published-26 Jun, 2020 | 20:05
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-dng_software_development_kitmacoswindowsAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-5842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 77.42%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aImageMagick Studio LLCOracle Corporation
Product-imagemagicksolarisn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-13120
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 21:57
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which interacts with an associated vulnerable MQTT message in the application, specific circumstances could trigger this vulnerability.

Action-Not Available
Vendor-amazonn/a
Product-amazon_web_services_freertosn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28801
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-3.1||LOW
EPSS-0.28% / 50.74%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 06:35
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-Bounds Read Vulnerability in QSS

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C.

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qsw-m2108-2sqssqsw-m2108-2cqsw-m2108r-2cQSS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.87%
||
7 Day CHG+0.01%
Published-21 Mar, 2025 | 00:00
Updated-24 Mar, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

Action-Not Available
Vendor-varnish-softwarevarnish-software
Product-varnish_enterpriseVarnish Enterprise
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21669
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN HOST

Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2290_firmwarewcn3991_firmwarewcn3991wcd9380_firmwarewcn3990sdm429wqcs2290_firmwaresd865_5gqca6431_firmwaresm8150-acflight_rb5_5g_platformsdm429flight_rb5_5g_platform_firmwaresdm429w_firmwareqcs4290wcn3950_firmwarewcd9380qca6420_firmwareqcs2290qca6390_firmwaresd730_firmwarewcd9370sxr2130wcn685x-5_firmwaresm7150-aa_firmwareqca6426wcn685x-1qrb5165n_firmwarewcn3990_firmwareqca6430_firmwarewcd9335_firmwaresm8250-abwcn3998wcn3980wcd9385_firmwarewcn3950sm7150-ac_firmwarewcn3660bsd855sm7150-acsm6150-ac_firmwarewsa8815wcn3910sdm429_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqcs8250wcn3660b_firmwaresnapdragon_x55_5g_modem-rf_systemsdx55_firmwarewcd9375_firmwarewcn3998_firmwareqrb5165mwcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresd730qca6391qca6420qca6436_firmwaresm8250-ab_firmwareqrb5165nsnapdragon_x50_5g_modem-rf_system_firmwaresm7150-aaqca6421_firmwaresm7125aqt1000_firmwaresnapdragon_xr2_5g_platformqcm4290qrb5165m_firmwareqrb5165_firmwaresm7150-ab_firmwareqrb5165wcn685x-5sm8250_firmwaresm8250-acwcn3988_firmwareqca6430qcn9074qca6421sm6250wsa8810_firmwareqcs8250_firmwarewcd9341_firmwareqcm4290_firmwarewsa8810qca6436wcd9335sm8150-ac_firmwarewcn685x-1_firmwareqcs4290_firmwaresm8150_firmwaresxr2130_firmwarewcd9341wcd9385qca6431snapdragon_675_mobile_platformqca6391_firmwaresm7150-abqca6390wcd9375wcn3910_firmwareaqt1000wcd9370_firmwaresm6150-acsm6250_firmwaresm7125_firmwaresdx55snapdragon_x50_5g_modem-rf_systemsm8250sm8250-ac_firmwaresd855_firmwaresd660sd865_5g_firmwaresm8150wcn3620_firmwarewcn3988wsa8815_firmwaresd660_firmwarewcn3620qcn9074_firmwareqcm2290snapdragon_675_mobile_platform_firmwareSnapdragonqcm2290_firmwareaqt1000_firmwarerobotics_rb5_platform_firmwaresnapdragon_675_mobile_platform_firmwarewcd9380_firmwareqcs2290_firmwareqrb5165m_firmwareqca6431_firmwarefastconnect_6900_firmwarewcn3988_firmwareflight_rb5_5g_platform_firmwaresdm429w_firmwarewcn3950_firmwarewsa8810_firmwareqcs8250_firmwarewcd9341_firmwareqca6420_firmwareqcm4290_firmwaresd730_firmwareqcs4290_firmwaresxr2130_firmwarewcn3990_firmwareqrb5165n_firmwareqca6430_firmwarewcd9335_firmwareqca6391_firmwarewcd9385_firmwarewcn3910_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresm6250_firmwaresnapdragon_660_mobile_platform_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_xr2_5g_platform_firmwarewcn3620_firmwareqca6426_firmwarewcn3660b_firmwarewsa8815_firmwaresd660_firmwarefastconnect_6200_firmwaresnapdragon_429_mobile_platform_firmwaresdx55_firmwaresnapdragon_865_5g_mobile_platform_firmwarewcd9375_firmwareqcn9074_firmwarefastconnect_6800_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3980_firmwaresnapdragon_720g_mobile_platform_firmwareqca6436_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21347
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.65%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-02 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21060
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.28%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-20 Feb, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-42524
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.29%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243401445References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33649
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.11%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 16:20
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.

Action-Not Available
Vendor-mindsporen/a
Product-mindsporeopenEuler:mindspore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41988
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.80%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 23:03
Updated-14 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-openimageioOpenImageIO ProjectDebian GNU/Linux
Product-debian_linuxopenimageioOpenImageIO
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-40503
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Bluetooth Host.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm7325-ae_firmwaresa6150p_firmwareqcs610qca8337snapdragon_820_automotive_platform_firmwaresnapdragon_wear_2100_platform_firmwarewcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwareqca6335sm8350sdm670csra6620_firmwareqcs605_firmwarecsra6640_firmwareqcs6125_firmwareapq5053-aa_firmwarewcn685x-1qcs400_firmwaresm7350-ab_firmwaremsm8108sm4375wcn3998qca6554a_firmwaremsm8108_firmwareqam8295pwcn3950sm4125mdm9628sm6375_firmwarewcn3660bsm7150-acsm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwaresm6225-admsm8909wqca6420snapdragon_xr2\+_gen_1_platformsdx20mqca9367_firmware8909sm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqcs6125sm7250-ab_firmwareqca64308905_firmwarewcd9340sd626_firmwaresw5100qca64368953_firmwaresa6155pmsm8209_firmwarewcn685x-1_firmwaremdm9250_firmwaresm8150_firmwarewcd9341snapdragon_wear_2500_platformqca6696_firmwaresnapdragon_x12_lte_modemwcn3910_firmwaresm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresm7225_firmwarewcn3988sd660_firmwaresm4250-aa_firmwaresa8195p_firmwarewcn6750_firmwareqcn7606_firmwaresm6125_firmwaresa8295p_firmwarewcn3610msm8608sm6375sm6115_firmwareqca8337_firmwarewcd9380_firmwaresdm429wsw5100pmsm8996au_firmwarewcd9330snapdragon_w5\+_gen_1_wearable_platformqca6564ausdm429sd670_firmwareqca6574apq8053-acwcd9380qcs410apq8053-ac_firmwaresm7150-aa_firmwarec-v2x_9150_firmwareqcn9012_firmwaresd626qca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcs605wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910qca6320sdm429_firmwaremdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835wcn3980_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwarewcd9330_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresm7150-aasa8295psnapdragon_820_automotive_platformsm6350wcn6740_firmwaresm7125snapdragon_xr2_5g_platformapq8064au_firmwarear8031_firmwarewcn3680_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresdm660sm6350_firmware9206_lte_modem_firmwarewcn785x-1_firmwaresdm710sd670qca6564a_firmwareapq8053-lite_firmwareqcm4290_firmwaresnapdragon_x24_lte_modemsw5100p_firmwareqcs610_firmwaresa6145par8031qca6595_firmwaresa8145pqca6391_firmwarewcd9370_firmwareqm215_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psnapdragon_x20_lte_modemsnapdragon_1200_wearable_platformqcm2290qcn7606sdm845_firmwaresnapdragon_wear_2100_platformwsa8830sa8145p_firmwaresm6125snapdragon_x24_lte_modem_firmwareqcs2290_firmwarewcn785x-5mdm9628_firmwareflight_rb5_5g_platformmdm9650csra6620flight_rb5_5g_platform_firmwaresm7250-ac_firmwareqcs4290snapdragon_x20_lte_modem_firmwaremdm9250apq8053-liteqca6420_firmwareqca6390_firmwaresd730_firmwarewcd9370snapdragon_835_mobile_platform_firmwareqca6564sm6115qca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwaresm8450qca9377sm8250-abwcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresnapdragon_1200_wearable_platform_firmwareqam8295p_firmwaresm7325-afqcn9011_firmwaresnapdragon_x55_5g_modem-rf_systemqca6320_firmwarewcn3680b_firmwaresdx55_firmwaresda\/sdm845_firmwaresnapdragon_208_processor_firmwarewcn3615qca6595ausm7325-af_firmwaresm7250p_firmware8953wcn3610_firmwareqca6436_firmwaresm4350-acqrb5165nsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwareqca6584ausd778gsa6155p_firmwareqca6310apq8053-aa_firmwaresm6225snapdragon_208_processorqcs6490snapdragon_x5_lte_modem_firmware9206_lte_modemqca9367snapdragon_wear_3100_platformsm8250_firmwaresm8250-acwcn3988_firmwareqcn9074sa6145p_firmwareqm215sm6250sd778g_firmwaresm7250-aac-v2x_9150sa8195psxr1120sdm710_firmwareapq8017_firmwarewsa8810_firmwaresm4375_firmwaresm8450_firmwarewcd9326wcd9335apq8053-aaqca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwaresm7150-abqca6390wcd9375sda\/sdm845aqt1000apq8064au8909_firmwaresm6250_firmwaresm6150_firmwarewcn3620_firmwaresm8150wsa8815_firmwareqcm6490wsa8835_firmwarewcn3620sm7350-abapq8017sxr1120_firmwareqca6564awcn785x-1qcm6125_firmwaresnapdragon_x5_lte_modemqcm2290_firmwareapq5053-aawcn3990qca6554asdm845sd865_5g8953proqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888sm6150msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresnapdragon_835_mobile_platformsxr2130qca6574awcn685x-5_firmwareqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresm7250-abqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmware8953pro_firmwaremsm8209qrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwaresm8250-ab_firmwareqca6391aqt1000_firmwareqcm4290qcm6490_firmwaresnapdragon_xr1_platformwcn685x-5qcn9011sm6225_firmwareqca6574ausa8155p_firmwarewcd9341_firmwaresdx20m_firmwareqcm6125sm7250-aa_firmwarewsa88108905sm7250-acsm8150-ac_firmwarewcn3680bsm8350-acsd835_firmwareqca6564_firmwaresnapdragon_wear_2500_platform_firmwarewcn6740qca6696sm4350msm8608_firmwaresm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150psm7250psnapdragon_wear_3100_platform_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareqcs400sdm660_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27206
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.28%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-03 Apr, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27482
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.34%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 19:18
Updated-16 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.

Action-Not Available
Vendor-opener_projectEIPStackGroup
Product-openerOpENer EtherNet/IP
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33648
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 16:17
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.

Action-Not Available
Vendor-mindsporen/a
Product-mindsporeopenEuler:mindspore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-34424
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 59.79%
||
7 Day CHG~0.00%
Published-24 Nov, 2021 | 16:54
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Process memory exposure in Zoom Client and other products

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory.

Action-Not Available
Vendor-Google LLCApple Inc.Microsoft CorporationZoom Communications, Inc.Linux Kernel Organization, Inc
Product-iphone_oszoom_on-premise_meeting_connector_mmrcontrollers_for_zoom_roomsmeetingsvdi_vmwarewindows_meeting_sdkmacos_meeting_sdkwindows_video_sdkmacos_video_sdkmeetings_for_intunevirtual_desktop_infrastructuremacosmeetings_for_blackberryzoom_on-premise_virtual_room_connectorzoom_on-premise_recording_connectorandroid_meeting_sdkiphone_os_meeting_sdklinux_kernelmeetings_for_chrome_osrooms_for_conference_roomsandroidhybrid_mmrhybrid_zproxyvdi_azure_virtual_desktopzoom_on-premise_virtual_room_connector_load_balancerwindowsandroid_video_sdkzoom_on-premise_meeting_connector_controlleriphone_os_video_sdkvdi_citrixZoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS)Zoom on-premise Meeting ConnectorZoom Hybrid MMRZoom Video SDK (for Android, iOS, macOS, and Windows)Zoom on-premise Virtual Room Connector Load BalancerZoom Meeting SDK for AndroidZoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)Zoom Meeting SDK for WindowsZoom Meeting SDK for macOSZoom VDI Windows Meeting ClientZoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS)Zoom Client for Meetings for Chrome OSZoom Client for Meetings for Blackberry (for Android and iOS)Zoom on-premise Recording ConnectorZoom Hybrid ZproxyZoom Client for Meetings for intune (for Android and iOS)Zoom on-premise Meeting Connector MMRZoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows)Zoom Meeting SDK for iOSZoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64)Zoom on-premise Virtual Room ConnectorControllers for Zoom Rooms (for Android, iOS, and Windows)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33650
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 16:24
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.

Action-Not Available
Vendor-mindsporen/a
Product-mindsporeopenEuler:mindspore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-39283
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 26.75%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeRDP may read and display out of bounds data

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.

Action-Not Available
Vendor-FreeRDPFedora Project
Product-freerdpfedoraFreeRDP
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-30660
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.53%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:48
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-23334
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.31%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:43
Updated-12 Aug, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-23333
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.31%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:42
Updated-12 Aug, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-39891
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.16%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-editor_liteEditor Lite
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20915
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-17 Jul, 2025 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20918
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-16 Jul, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying extra data of base content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20659
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.29%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:14
Updated-11 Apr, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6833p_firmwaremt8798_firmwaremt6739_firmwaremt6762_firmwaremt6853_firmwaremt6980mt6980d_firmwaremt6769kmt6761_firmwaremt6785u_firmwaremt8796mt6781_firmwaremt8673_firmwaremt6853t_firmwaremt2737_firmwaremt6899_firmwaremt6985_firmwaremt6896_firmwaremt6765mt6893mt8676_firmwaremt6813_firmwaremt6883_firmwaremt8797_firmwaremt6855tmt6879_firmwaremt6873mt6983mt6779mt8667_firmwaremt2737mt6883mt6765_firmwaremt6991mt8786mt6785umt6877t_firmwaremt6991_firmwaremt6855mt6779_firmwaremt8786_firmwaremt8791t_firmwaremt6895_firmwaremt6885_firmwaremt6833pmt6895ttmt8666_firmwaremt6769_firmwaremt6878mt8771mt8788e_firmwaremt6990mt6853tmt6762dmt6899mt8766_firmwaremt8768_firmwaremt8678mt6896mt6769zmt8791tmt6980_firmwaremt6879mt6835t_firmwaremt6897mt6985t_firmwaremt6769s_firmwaremt6877ttmt6835tmt8768mt6895tt_firmwaremt6762mmt8675_firmwaremt8676mt6877tt_firmwaremt8788mt6890mt6886mt6762m_firmwaremt6763mt6983t_firmwaremt6891_firmwaremt8678_firmwaremt6769tmt6875t_firmwaremt8788emt8667mt6989_firmwaremt6767mt6833_firmwaremt6769mt6761mt8797mt8796_firmwaremt6878mmt2735mt6853mt6989tmt6769t_firmwaremt6880_firmwaremt6989t_firmwaremt6877mt6855_firmwaremt6878_firmwaremt6878m_firmwaremt6875_firmwaremt6771_firmwaremt6889mt6768mt6762d_firmwaremt6897_firmwaremt8771_firmwaremt6873_firmwaremt6769k_firmwaremt6880mt6785tmt6835_firmwaremt6877tmt8765mt6980dmt6983tmt6895mt6877_firmwaremt6985tmt6885mt6886_firmwaremt8781_firmwaremt8863mt6833mt6889_firmwaremt6783mt6875tmt6855t_firmwaremt6891mt8666mt6890_firmwaremt8798mt6785mt6985mt8673mt6771mt6783_firmwaremt6989mt6789mt6768_firmwaremt6765tmt6739mt6762mt6835mt6983_firmwaremt2735_firmwaremt6763_firmwaremt6875mt6785t_firmwaremt6781mt8766mt6765t_firmwaremt8675mt6990_firmwaremt8781mt8788_firmwaremt6769smt6785_firmwaremt6769z_firmwaremt6789_firmwaremt6813mt6767_firmwaremt6893_firmwaremt8765_firmwaremt8863_firmwareMT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8796, MT8797, MT8798, MT8863
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20914
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-17 Jul, 2025 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary of hand writing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20921
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-16 Jul, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20922
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-16 Jul, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in appending text paragraph in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found