Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-35371

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Nov, 2024 | 00:00
Updated At-02 Dec, 2024 | 16:25
Rejected At-
Credits

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Nov, 2024 | 00:00
Updated At:02 Dec, 2024 | 16:25
Rejected At:
▼CVE Numbering Authority (CNA)

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45
N/A
https://github.com/ant-media/Ant-Media-Server/blob/ams-v2.8.2/src/main/java/io/antmedia/rest/RestServiceBase.java#L356
N/A
https://gist.github.com/1047524396/4eb17867f2e375f4824274c5e7b4d384
N/A
Hyperlink: https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45
Resource: N/A
Hyperlink: https://github.com/ant-media/Ant-Media-Server/blob/ams-v2.8.2/src/main/java/io/antmedia/rest/RestServiceBase.java#L356
Resource: N/A
Hyperlink: https://gist.github.com/1047524396/4eb17867f2e375f4824274c5e7b4d384
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
ant-media
Product
Ant-Media-Server
CPEs
  • cpe:2.3:a:ant-media:Ant-Media-Server:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.8.2
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Nov, 2024 | 20:15
Updated At:02 Dec, 2024 | 17:15

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-125Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-125
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/1047524396/4eb17867f2e375f4824274c5e7b4d384cve@mitre.org
N/A
https://github.com/ant-media/Ant-Media-Server/blob/ams-v2.8.2/src/main/java/io/antmedia/rest/RestServiceBase.java#L356cve@mitre.org
N/A
https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45cve@mitre.org
N/A
Hyperlink: https://gist.github.com/1047524396/4eb17867f2e375f4824274c5e7b4d384
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/ant-media/Ant-Media-Server/blob/ams-v2.8.2/src/main/java/io/antmedia/rest/RestServiceBase.java#L356
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

312Records found
CVE-2019-5747
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.33%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 16:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.

Action-Not Available
Vendor-busyboxn/aCanonical Ltd.
Product-busyboxubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-44103
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.45%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:51
Updated-18 Sep, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20224
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-1.50% / 80.40%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 18:22
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220732646

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-42144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.32%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message().

Action-Not Available
Vendor-contiki-ngn/a
Product-contiki-ng_tinydtlsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4458
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-4||MEDIUM
EPSS-0.20% / 41.75%
||
7 Day CHG+0.02%
Published-14 Nov, 2024 | 12:09
Updated-19 Aug, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-7061
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.06% / 83.17%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 17:27
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40402
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.34% / 56.37%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-gerbv_projectGerbv
Product-gerbvGerbv forkedGerbv
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-0413
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-1.62% / 81.07%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:05
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-158778659

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3998
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.97%
||
7 Day CHG~0.00%
Published-24 Aug, 2022 | 00:00
Updated-09 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

Action-Not Available
Vendor-n/aGNUNetApp, Inc.
Product-h700sh300sh410s_firmwareh410c_firmwareh300s_firmwareh700s_firmwareh410ch500sh500s_firmwareglibcontap_select_deploy_administration_utilityh410sglibc
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-39974
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.39%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40400
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 40.94%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-gerbv_projectGerbv
Product-gerbvGerbv forkedGerbv
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40020
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.67%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-39726
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.91%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-181782896References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-39677
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.16%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-39809
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.91%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205837191

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21226
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.29%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240728187References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33649
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.08%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 16:20
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.

Action-Not Available
Vendor-mindsporen/a
Product-mindsporeopenEuler:mindspore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2310
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.58%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845sdm450_firmwaremdm9650msm8940_firmwaremsm8996auapq8009_firmwaremsm8917sdm670qcs605_firmwaremdm9206qca9379_firmwareqca6174asdm670_firmwaresdm636sda845_firmwareqca9377apq8098qcn7605mdm9206_firmwareqcs605mdm9640msm8937_firmwaremdm9650_firmwareqca6574au_firmwaresda660apq8009msm8909_firmwareapq8053_firmwaresda845msm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaremsm8937mdm9207c_firmwaremdm9207cqca6174a_firmwaresm8150_firmwaremsm8909apq8096ausdm630_firmwaresda660_firmwaremsm8940apq8053apq8096au_firmwaremsm8953_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwareapq8017qca9379sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33648
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.78%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 16:17
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.

Action-Not Available
Vendor-mindsporen/a
Product-mindsporeopenEuler:mindspore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33650
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.78%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 16:24
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.

Action-Not Available
Vendor-mindsporen/a
Product-mindsporeopenEuler:mindspore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-18688
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.16%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 14:09
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.0) software. There is an information disclosure (of memory locations outside a buffer) via /dev/dsm_ctrl_dev. The Samsung ID is SVE-2016-7340 (January 2017).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2208
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.42% / 60.91%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 17:42
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138441919

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23526
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-1.61% / 81.03%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27482
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.32%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 19:18
Updated-16 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.

Action-Not Available
Vendor-opener_projectEIPStackGroup
Product-openerOpENer EtherNet/IP
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23529
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-1.61% / 81.03%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21458
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.19%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 14:17
Updated-01 Aug, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN HOST

Information disclosure while handling SA query action frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqam8255p_firmwareqcn9070qca8337qam8650pqfw7124ipq8173_firmwareqam8775pqcf8001qamsrv1mqcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386immersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwareipq6000qcn5152_firmwareqca0000_firmwareqca6584au_firmwareqcn9000_firmwareipq9554qamsrv1hqca6554a_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqamsrv1h_firmwareqca8386_firmwareqcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn6412qcn5124_firmwareqca8082_firmwaresa9000p_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwareqca6595auqca8081_firmwareqcn6023_firmwareqfw7114sa7255psdx55_firmwareipq5010qca6564au_firmwareqca6584ausa8620p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqcn9274qca6678aq_firmwaresnapdragon_x72_5g_modem-rf_systemsa8775p_firmwareipq8174ipq5028qca6698aqqcn5052qca0000qcf8001_firmwareipq6010qcn6112_firmwareqcn9074srv1hqca8085sa7775p_firmwaresdx65mwcd9340qcn6132qcn6224sa8255p_firmwaresnapdragon_x75_5g_modem-rf_systemqca8081qcf8000qca6698aq_firmwareipq8071aqcn6023sa7775psdx65m_firmwareipq5312ipq8071a_firmwaresnapdragon_auto_5g_modem-rf_gen_2immersive_home_3210_platformqca8085_firmwareipq5300qam8775p_firmwareqca9888_firmwareqcn6122qca6696_firmwaresa8255psa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq9008_firmwareipq9570qcn5154_firmwarear8035csr8811qcc710_firmwareqcn9100_firmwareipq5010_firmwareipq8074a_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwaresa8770pqca8337_firmwareqcn9000ipq8072aqcf8000_firmwareqca6554aipq8076a_firmwareqca6595ipq8078qca6564auqca8084ipq8173ipq9008qcn5164immersive_home_326_platform_firmwareqcn6122_firmwareqca6574qcn6402_firmwarecsr8811_firmwareqcn6274qcn6422ipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqcn5154qca8075_firmwareqca6574aqcn5024qca9889qcn6132_firmwareqca9888qcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqfw7114_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwaresa8650pqca6574_firmwaresa9000pwcd9340_firmwareqcn6112ipq8076qca6574a_firmwareqcn5152ipq6028sa8775pqcn9024ipq9574_firmwareimmersive_home_3210_platform_firmwareipq5302fastconnect_7800qcn9100qcn6274_firmwareqca6678aqsnapdragon_x65_5g_modem-rf_systemipq5300_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6432_firmwareipq5312_firmwareqca6574auqca9889_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwaresa7255p_firmwarefastconnect_7800_firmwaresa8620pqcn6412_firmwareipq5332_firmwareipq5332ipq5302_firmwareimmersive_home_326_platformqamsrv1m_firmwareipq6018qcn5022srv1m_firmwareqam8650p_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6595_firmwareqca6696immersive_home_214_platform_firmwareqca4024sdx55qca8075qcn6402qcn9022_firmwareqcn6024qcn9022qcc2076ipq8070aqcn9072_firmwareipq6000_firmwaresrv1mqcn9074_firmwareqfw7124_firmwareqam8255pqcc2073qcn6432ar8035_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwareqca8337_firmwareqcf8000_firmwareipq8076a_firmwareipq8173_firmwareqcn6224_firmwareqca4024_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareqcn6402_firmwareimmersive_home_318_platform_firmwarecsr8811_firmwareipq5028_firmwareqca6595au_firmwareipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqca8075_firmwareqcn5152_firmwareqca0000_firmwareqcn6132_firmwareqca6584au_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqca6554a_firmwareqfw7114_firmwareqcn6024_firmwareqca8386_firmwareqcc2073_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwareqca8084_firmwarewcd9340_firmwareqcn5124_firmwareqca8082_firmwaresa9000p_firmwareqca6574a_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwareimmersive_home_3210_platform_firmwareqca6564au_firmwaresa8620p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwareipq5300_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcf8001_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6112_firmwareqcn6432_firmwareipq5312_firmwareqca9889_firmwaresa7775p_firmwareqcn9024_firmwareipq8174_firmwaresa7255p_firmwarefastconnect_7800_firmwaresa8255p_firmwareqcn6412_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareipq8071a_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq6010_firmwareqca6696_firmwareqca6595_firmwareipq9008_firmwareqcn5154_firmwareimmersive_home_214_platform_firmwareqcc710_firmwareqcn9100_firmwareqcn9022_firmwareipq5010_firmwareipq8074a_firmwareqcn9072_firmwareipq6000_firmwareqcn9074_firmwareqcn5022_firmwareqfw7124_firmwareimmersive_home_216_platform_firmwarear8035_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-22011
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.05%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-26 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21459
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.59%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-15 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN HOST

Information disclosure while handling beacon or probe response frame in STA.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5124ipq6000_firmwareqamsrv1mqamsrv1hqcn5152_firmwaresrv1h_firmwareqca6431ar8035_firmwaresa8620pipq6028_firmwarewcd9380qcn6132_firmwareqcn6412sd865_5g_firmwareimmersive_home_318_platformipq5332qca6426_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarevideo_collaboration_vc3_platformqcn5154qca6436_firmwareqcn9100_firmwareqcn9000_firmwareipq9570qcn9074qcf8000_firmwareqcc710_firmwareqca6595au_firmwarewcd9370_firmwareimmersive_home_318_platform_firmwareqca4024_firmwareipq5300_firmwaresa7255par9380_firmwareqca6175aqcn6422_firmwareqca9984qca0000ipq8076a_firmwareqfw7114_firmwarear8035snapdragon_auto_5g_modem-rf_gen_2qcn6402qam8650psnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)qcn6432qcn5164_firmwareipq9554_firmwareqca7500_firmwareipq8068ipq8064_firmwareipq8074asa6155pqcs410_firmwareipq8071a_firmwarewsa8830ipq9008_firmwareqca8075ipq8174qcn6122qca6595ausa8775psrv1mipq8076aipq8078a_firmwareqca9898srv1m_firmwarewcn3988_firmwaresa8650p_firmwareqcs610qca6595snapdragon_x72_5g_modem-rf_system_firmwareqcn5022_firmwarevideo_collaboration_vc1_platformsw5100psxr2130_firmwareqca8337_firmwaresnapdragon_865_5g_mobile_platformqca8084_firmwareipq8072awcd9385qca6426qcn6274_firmwaresnapdragon_xr2_5g_platformimmersive_home_214_platformqcf8001_firmwareimmersive_home_326_platformqca6574au_firmwareipq8064sa6155p_firmwaresa6145p_firmwareqca6678aqqca6175a_firmwareqcn9072_firmwareqca0000_firmwareipq6028qcn6023qca9992sdx65m_firmwareipq5028_firmwaresa4155psa8255pipq8076_firmwaresdx65mqca9980sd865_5gsa8150p_firmwareipq5300qca9886_firmwarefastconnect_6900ipq8173_firmwareqcn6274ipq8070aqca8085ipq8065sa9000pqcn6132qcn5164qcn6024srv1hsa8255p_firmwareqca6421qca6564auqamsrv1m_firmwareqcn5124_firmwareqcn9024_firmwareqcn9274_firmwarewcd9340sa8155pqca6574a_firmwarecsr8811sa8770pipq5312qca9980_firmwarevideo_collaboration_vc1_platform_firmwaresa6150p_firmwareqca9994_firmwareqcn6422qcn5022qca6696_firmwareqca6421_firmwaresa4150p_firmwareqcs410qca8082qcn6224_firmwareqcn9070fastconnect_7800_firmwareqcn9070_firmwareqcn6402_firmwareipq6000qcn5024_firmwareqca8386_firmwareipq5332_firmwareipq6018snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwarewsa8810_firmwaresa8150pqca6391qcc2076qcn6023_firmwareqca7500ipq9574_firmwareqca6431_firmwarewsa8835_firmwarewcd9370fastconnect_6800_firmwareqam8255p_firmwareipq4029ipq9570_firmwareipq6010wcd9385_firmwaresa4150pipq5010_firmwarewcd9340_firmwarewsa8830_firmwareqca6436qamsrv1h_firmwaresa8195p_firmwarear9380wsa8810ipq4019snapdragon_x65_5g_modem-rf_systemqca9992_firmwareqcn5122_firmwareqcn9074_firmwareqcc2073_firmwareipq8078qca6678aq_firmwareqam8295p_firmwareqcn5052qca6391_firmwareqcn5024wcn3950_firmwareimmersive_home_3210_platform_firmwarewcd9341wsa8815_firmwareipq8065_firmwareqca9898_firmwareqcs610_firmwareqcn6432_firmwareqam8775p_firmwareipq8070a_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)sdx55_firmwareipq5302sa8155p_firmwareqcn9022snapdragon_w5\+_gen_1_wearable_platform_firmwareqca9990snapdragon_x75_5g_modem-rf_system_firmwareqca8084ipq9554sa4155p_firmwarewsa8835sa8650psa7775pqfw7124_firmwareqca9880snapdragon_xr2_5g_platform_firmwaresxr2130sa7255p_firmwareipq8072a_firmwareqcn6122_firmwarewcn3988qca9888_firmwareqcn5154_firmwareqca8082_firmwareqca6595_firmwaresnapdragon_w5\+_gen_1_wearable_platformsa7775p_firmwareqca9984_firmwareqca9985_firmwareqfw7124wcn3980_firmwaresnapdragon_x55_5g_modem-rf_systemsa8145pipq5312_firmwarewcd9380_firmwaresw5100_firmwareqcn5052_firmwareipq8078aqam8295pqca9985immersive_home_3210_platformsa9000p_firmwareqcn6224qfw7114qca6698aq_firmwareipq8174_firmwaresnapdragon_auto_5g_modem-rfqca9889_firmwareqcn9072qca6584au_firmwareqcc710qca6554aqcn6412_firmwareqca9880_firmwareipq8173ipq5302_firmwareqca6564au_firmwareqca9886qcc2073sa6145pwcn3950qcn6024_firmwaresa8295p_firmwareqca8081_firmwareipq8078_firmwareqcn9024sa8195pqca8085_firmwareqcn5122fastconnect_7800qca9994sa8620p_firmwaresw5100snapdragon_auto_4g_modemsa6150pipq5010qca6574auqca6696wsa8815sw5100p_firmwareqam8255pimmersive_home_326_platform_firmwareqcf8001qca6574snapdragon_865_5g_mobile_platform_firmwareqca6554a_firmwareqcn9274ipq4028qam8775pcsrb31024qca8075_firmwareqcn5152ipq9008qca9889ipq8074a_firmwareipq9574qcn6112snapdragon_x72_5g_modem-rf_systemqcn9022_firmwareqca6698aqipq8076qam8650p_firmwareqcc2076_firmwareipq5028qca6574_firmwarevideo_collaboration_vc3_platform_firmwareimmersive_home_214_platform_firmwaresnapdragon_auto_4g_modem_firmwareipq6018_firmwareqca8386qca6574asnapdragon_x55_5g_modem-rf_system_firmwareimmersive_home_316_platformcsrb31024_firmwarefastconnect_6800qca6584auqcn6112_firmwareqca9888immersive_home_316_platform_firmwareqcn9100ipq4029_firmwareipq4028_firmwarewcn3980sdx55sa8295pipq8071aimmersive_home_216_platformsnapdragon_auto_5g_modem-rf_gen_2_firmwarefastconnect_6900_firmwareqcf8000snapdragon_x75_5g_modem-rf_systemqca4024qca8337ipq8068_firmwaresa8145p_firmwaresa8770p_firmwaresa8775p_firmwareqca8081immersive_home_216_platform_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwarewcd9341_firmwarecsr8811_firmwareipq4019_firmwareqca9990_firmwaresnapdragon_auto_5g_modem-rf_firmwareqcn9000ipq6010_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwaresa6150p_firmwaresa8145p_firmwareipq4028_firmwareipq8173_firmwareqca6431_firmwareqcn6224_firmwareqca4024_firmwareqca9880_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwareipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_auto_4g_modem_firmwareqcn5152_firmwareqca0000_firmwareqca6584au_firmwareqcn9000_firmwareqca9984_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwareqca8084_firmwareqcn5124_firmwareqam8295p_firmwareqca8082_firmwaresa9000p_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareqca6436_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqca6678aq_firmwaresa8775p_firmwareipq4029_firmwaresa4155p_firmwareqcf8001_firmwareqcn6112_firmwarewcn3988_firmwaresa6145p_firmwaresa7775p_firmwarewsa8810_firmwaresa8255p_firmwareqca6698aq_firmwaresdx65m_firmwareipq8071a_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareipq8068_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwaresxr2130_firmwareipq9008_firmwareqcn5154_firmwareqca9898_firmwareqcc710_firmwareqcn9100_firmwarewsa8830_firmwareqca9992_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwaresa8295p_firmwareimmersive_home_216_platform_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca9985_firmwareqca8337_firmwarewcd9380_firmwareqca7500_firmwareqca9980_firmwareqcf8000_firmwareipq8076a_firmwarear9380_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwareqcn6402_firmwarecsr8811_firmwareipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqca8075_firmwareipq4019_firmwareqcn6132_firmwareqca9994_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqfw7114_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwarewcd9340_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqca6574a_firmwareipq9574_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareimmersive_home_3210_platform_firmwareipq8064_firmwareqca6421_firmwareqcn6274_firmwarecsrb31024_firmwareipq5300_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6432_firmwareipq5312_firmwareqca9889_firmwaresa8155p_firmwareqcn9024_firmwareipq8174_firmwaresa7255p_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcn6412_firmwaresw5100p_firmwareipq5332_firmwareqcs610_firmwareipq5302_firmwareqamsrv1m_firmwaresrv1m_firmwareqca9886_firmwareqam8650p_firmwareipq6010_firmwareqca6595_firmwareqca6391_firmwareimmersive_home_214_platform_firmwaresa4150p_firmwarewcd9370_firmwareqcn9022_firmwareqca9990_firmwareqcn9072_firmwareipq6000_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareqfw7124_firmwareqca6175a_firmwarear8035_firmware
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2023-39908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.13%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 00:00
Updated-09 Oct, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.

Action-Not Available
Vendor-yubicon/a
Product-yubihsm_2_sdkn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16458
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:54
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.58%
||
7 Day CHG~0.00%
Published-08 Sep, 2019 | 02:41
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.

Action-Not Available
Vendor-symonicsn/aCanonical Ltd.
Product-libmysofaubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.27%
||
7 Day CHG~0.00%
Published-08 Sep, 2019 | 02:40
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.

Action-Not Available
Vendor-symonicsn/aCanonical Ltd.
Product-libmysofaubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16456
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:52
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16465
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 15:02
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16449
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:39
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16461
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:58
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39176
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.8||MEDIUM
EPSS-0.24% / 46.23%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 09:50
Updated-06 Aug, 2025 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39179
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 09:51
Updated-06 Aug, 2025 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: ksmbd: read request out-of-bounds read information disclosure vulnerability

A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21467
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-26 Nov, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Host Communication

Information disclosure while handling beacon probe frame during scan entry generation in client side.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwareipq8173_firmwareqca6431_firmwareqcf8001qam8775pqamsrv1mqcn5124qca4024_firmwareimmersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwareqca6554a_firmwareqcn6024_firmwareqca8386_firmwareipq8076aimmersive_home_316_platform_firmwareqca8084_firmwareqcn6412qcn5164_firmwareqca6574au_firmwareqcn6422_firmwareqca8081_firmwareipq8078a_firmwareqca6678aq_firmwareipq5028sa4155p_firmwareqca6698aqqcf8001_firmwareqca0000ipq6010sdx65msa7775p_firmwareqcn6432snapdragon_870_5g_mobile_platform_\(sm8250-ac\)qcn6132sw5100qca6436sa6155pqcf8000qca6698aq_firmwareipq5312snapdragon_auto_5g_modem-rf_gen_2_firmwareqcn6122sa8255pqca9888_firmwareqam8775p_firmwareqca6431qca6696_firmwareipq9008_firmwareqcn5154_firmwarewsa8830_firmwarewcn3988sa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwaresa8770pwcd9380_firmwareipq8072asw5100pipq8076a_firmwaresnapdragon_w5\+_gen_1_wearable_platformqca8084qca6564auipq8078ipq8173ipq9008qcn5164snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwareqca6574qcn6402_firmwarecsr8811_firmwarewcd9380ipq9554_firmwareqcn5024wcn3980qcn5052_firmwareqcn9274_firmwareqcc2073_firmwareipq6018_firmwarewsa8815qcn6112qca6426_firmwareipq6028qcn9024ipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq5302qca6421_firmwaresnapdragon_x65_5g_modem-rf_systemqca6678aqsa8650p_firmwareipq8078_firmwarefastconnect_6900snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)fastconnect_6900_firmwareqcn9024_firmwaresa7255p_firmwareipq8174_firmwaresa8620pqcn6412_firmwaresw5100p_firmwareipq5332ipq5302_firmwareqamsrv1m_firmwareimmersive_home_326_platformipq6018immersive_home_214_platformqca6595_firmwareqca6391_firmwaresa4150p_firmwareimmersive_home_214_platform_firmwareqca4024sdx55qcn6402sa8155psrv1mqam8255psa4155pqcn5024_firmwarewsa8830qcn9070qam8650psnapdragon_865_5g_mobile_platformqcn9072qca8082qca8386ipq6000qcn5152_firmwareqca0000_firmwareqca6426qca6584au_firmwareqcn9000_firmwareqamsrv1hipq9554wcd9385_firmwareimmersive_home_216_platformimmersive_home_316_platformqamsrv1h_firmwareipq8074aimmersive_home_318_platformqcn5124_firmwaresa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemqca8082_firmwaresdx55_firmwaresa7255pqcn5122_firmwareqca6595auqcn6023_firmwareqca6436_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwareipq5010qca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcn9274sa8775p_firmwareipq8174qcn5052qcn6112_firmwarewcn3988_firmwareqcn9074srv1hqca8085qca6421sa8195pwsa8810_firmwaresa8255p_firmwareqca8081snapdragon_auto_5g_modem-rf_gen_2qcn6023sdx65m_firmwaresa7775pipq8071aipq8071a_firmwareimmersive_home_3210_platformwcd9385sa8770p_firmwareqca8085_firmwareipq5300ipq9570csr8811qcn9100_firmwareipq5010_firmwarewsa8815_firmwareipq8074a_firmwarewsa8835_firmwaresa4150pqcn9000qcf8000_firmwareqca6554afastconnect_6800qca6595immersive_home_326_platform_firmwarewsa8835qcn6122_firmwareqcn6422qcn5154qca8075_firmwareqca6574aqca9889qcn6132_firmwareqca9888qcc2076_firmwareipq8070a_firmwareipq8076_firmwaresa8650psa9000pqca6574_firmwareipq8076qca6175asa8775pqcn5152qca6574a_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6391fastconnect_7800qcn9100ipq5300_firmwareipq9570_firmwareqcn9070_firmwaresrv1h_firmwareipq8072a_firmwareipq6028_firmwareqcn6432_firmwareipq5312_firmwareqca6574ausa8155p_firmwareqca9889_firmwareqcn5122ipq9574fastconnect_7800_firmwarewsa8810ipq5332_firmwaresrv1m_firmwareqcn5022qam8650p_firmwareipq6010_firmwareqca6696qcn9022_firmwareqca8075qcn9022qcn6024qcc2076ipq8070aqcn9072_firmwareipq6000_firmwaresw5100_firmwareqcn9074_firmwareqcc2073qca6175a_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwarewcd9380_firmwareqcf8000_firmwareipq8076a_firmwareipq8173_firmwareqca6431_firmwareqca4024_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareqcn6402_firmwareimmersive_home_318_platform_firmwarecsr8811_firmwareipq5028_firmwareqca6595au_firmwareipq9554_firmwareqca8075_firmwareqcn5152_firmwareqca0000_firmwareqcn6132_firmwareqca6584au_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqca6554a_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareqcc2073_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwareqca8084_firmwareqcn5124_firmwareqca6426_firmwareqca8082_firmwaresa9000p_firmwareqca6574a_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareimmersive_home_3210_platform_firmwareqca6436_firmwareqca6421_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqca6678aq_firmwaresa8775p_firmwareipq5300_firmwareipq8078_firmwaresa4155p_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwareqcf8001_firmwarefastconnect_6900_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6112_firmwarewcn3988_firmwareqcn6432_firmwareipq5312_firmwareqca9889_firmwaresa8155p_firmwaresa7775p_firmwareqcn9024_firmwareipq8174_firmwaresa7255p_firmwarewsa8810_firmwarefastconnect_7800_firmwaresa8255p_firmwareqcn6412_firmwaresw5100p_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareipq8071a_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq6010_firmwareqca6696_firmwareqca6595_firmwareipq9008_firmwareqca6391_firmwareqcn5154_firmwareimmersive_home_214_platform_firmwaresa4150p_firmwareqcn9100_firmwareqcn9022_firmwarewsa8830_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwareqcn9072_firmwareipq6000_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwareqcn9074_firmwarefastconnect_6800_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwareqca6175a_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-4918
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.92%
||
7 Day CHG~0.00%
Published-17 May, 2025 | 21:07
Updated-28 May, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxFirefox ESR
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10983
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.03%
||
7 Day CHG~0.00%
Published-28 Jun, 2019 | 20:38
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccessWebAccess/SCADA
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36905
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.75% / 87.56%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_11_21h2windows_10_22h2windows_10windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows Server 2016
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-0176
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.78%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79702484

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0128
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.78%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-9484
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.90%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 17:45
Updated-18 Dec, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-1869
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.91%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 21:31
Updated-23 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.

Action-Not Available
Vendor-HP Inc.
Product-HP DesignJetdesignjet_t120designjet_t520_36indesignjet_t520_24in
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35663
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 19:10
Updated-13 Sep, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35656
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 19:10
Updated-13 Sep, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid_kernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.68%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 00:00
Updated-13 Nov, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.

Action-Not Available
Vendor-jerryscriptn/a
Product-jerryscriptn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.87%
||
7 Day CHG+0.01%
Published-21 Mar, 2025 | 00:00
Updated-24 Mar, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

Action-Not Available
Vendor-varnish-softwarevarnish-software
Product-varnish_enterpriseVarnish Enterprise
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found