Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-39775

Summary
Assigner-OpenHarmony
Assigner Org ID-0cf5dd6e-1214-4398-a481-30441e48fafd
Published At-02 Sep, 2024 | 03:25
Updated At-03 Sep, 2024 | 14:54
Rejected At-
Credits

Net Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:OpenHarmony
Assigner Org ID:0cf5dd6e-1214-4398-a481-30441e48fafd
Published At:02 Sep, 2024 | 03:25
Updated At:03 Sep, 2024 | 14:54
Rejected At:
▼CVE Numbering Authority (CNA)
Net Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.

Affected Products
Vendor
OpenHarmony (OpenAtom Foundation)OpenHarmony
Product
OpenHarmony
Default Status
unaffected
Versions
Affected
  • From v4.0.0 through 4.1.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
CWECWE-922CWE-922 Insecure Storage of Sensitive Information
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-922
Description: CWE-922 Insecure Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md
N/A
Hyperlink: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:scy@openharmony.io
Published At:02 Sep, 2024 | 05:15
Updated At:04 Sep, 2024 | 16:34

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
OpenAtom Foundation
openatom
>>openharmony>>Versions from 4.0(inclusive) to 4.1(inclusive)
cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-125Secondaryscy@openharmony.io
CWE-922Secondaryscy@openharmony.io
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: scy@openharmony.io
CWE ID: CWE-922
Type: Secondary
Source: scy@openharmony.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.mdscy@openharmony.io
Vendor Advisory
Hyperlink: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md
Source: scy@openharmony.io
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

448Records found
CVE-2023-22301
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.81%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 10:44
Updated-27 Feb, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The kernel subsystem hmdfs has a arbitrary memory accessing vulnerability.

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21089
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-27534
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.09% / 26.03%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-16 Oct, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22443
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-23235
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.07% / 20.67%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-23418
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22847
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22841
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22842
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.09% / 26.03%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-16 Oct, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-22452
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.09% / 26.03%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-16 Oct, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21098
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.04%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an insecure storage of sensitive information vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-20021
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20042
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 28.57%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an out of bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20102
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.09% / 26.03%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-16 Oct, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-25176
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.10% / 27.44%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:18
Updated-16 Dec, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pasteboard has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33644
Matching Score-6
Assigner-openEuler
ShareView Details
Matching Score-6
Assigner-openEuler
CVSS Score-8.1||HIGH
EPSS-0.22% / 45.45%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

Action-Not Available
Vendor-feepn/aFedora ProjectHuawei Technologies Co., Ltd.OpenAtom Foundation
Product-libtarfedoraopeneulerlibtar
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-33643
Matching Score-6
Assigner-openEuler
ShareView Details
Matching Score-6
Assigner-openEuler
CVSS Score-9.1||CRITICAL
EPSS-0.22% / 45.45%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

Action-Not Available
Vendor-feepn/aFedora ProjectHuawei Technologies Co., Ltd.OpenAtom Foundation
Product-libtarfedoraopeneulerlibtar
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41686
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 14:40
Updated-14 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The proc ...

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-9978
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.18%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 12:15
Updated-11 Dec, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds read vulnerability

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47402
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.07% / 20.86%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Out-of-bounds Read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-45070
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.79%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 07:56
Updated-16 Oct, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds read vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-39806
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.94%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds Read vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-39612
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.75%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Background Task Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-38382
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.75%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:24
Updated-04 Sep, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-49118
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.03% / 9.91%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:18
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-36243
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.96% / 83.94%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49602
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.07% / 21.79%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkui has a type confusion vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-21826
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 20.04%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Huks has an insecure storage of sensitive information vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23808
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.2||MEDIUM
EPSS-0.09% / 26.15%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:26
Updated-02 Jan, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler ets frontend has an out-of-bounds read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-43756
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.03% / 9.91%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:18
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-12082
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.18%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 12:15
Updated-11 Dec, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-0254
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.17%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:31
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:59
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-37879
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.75%
||
7 Day CHG+0.06%
Published-12 Sep, 2023 | 08:15
Updated-24 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposed Session Variable in Wing FTP Server <= 7.2.0

Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation.This issue affects Wing FTP Server: <= 7.2.0.

Action-Not Available
Vendor-wftpserverWing FTP Server
Product-wing_ftp_serverWing FTP Server
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-32029
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.09%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 16:44
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupRed Hat, Inc.
Product-jboss_enterprise_application_platformpostgresqlpostgresql
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36905
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.56% / 88.01%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_11_21h2windows_10_22h2windows_10windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows Server 2016
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-14163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 61.09%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 20:14
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c.

Action-Not Available
Vendor-jerryscriptn/a
Product-jerryscriptn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.54%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 00:00
Updated-13 Nov, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.

Action-Not Available
Vendor-jerryscriptn/a
Product-jerryscriptn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35656
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.45%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 19:10
Updated-13 Sep, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid_kernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35663
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.45%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 19:10
Updated-13 Sep, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35661
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.66% / 71.76%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 19:25
Updated-18 Sep, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35652
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.98%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 19:21
Updated-18 Sep, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.45% / 90.39%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 13:51
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxExim
Product-ubuntu_linuxeximdebian_linuxfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35694
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.90%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:56
Updated-01 Nov, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35316
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.21% / 87.36%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Information Disclosure Vulnerability

Remote Procedure Call Runtime Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12018
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.56%
||
7 Day CHG~0.00%
Published-08 May, 2020 | 11:51
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessAdvantech WebAccess Node
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11115
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.31%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarekamorta_firmwareqcm2150_firmwaremdm9640_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sxr2130qcs605_firmwaresc8180xmdm9206qca9379_firmwareqca6174asda845_firmwareqca9377sa415mbitraapq8098qcn7605mdm9206_firmwareqcs605bitra_firmwaremsm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresdx55_firmwaremsm8909wapq8009apq8053_firmwaresda845msm8920msm8953sdm450sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm660mdm9607_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405qca6574auqm215mdm9607qcn7605_firmwaremsm8937mdm9207c_firmwaremsm8905mdm9207cqca6174a_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellrennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresm8250kamortasaipanqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-4424
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.72%
||
7 Day CHG-0.02%
Published-19 Mar, 2026 | 13:50
Updated-10 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Action-Not Available
Vendor-Red Hat, Inc.libarchive
Product-enterprise_linuxopenshift_container_platform_for_powerhardened_imageslibarchiveopenshift_container_platform_for_arm64enterprise_linux_server_ausopenshift_container_platformRHEL-8 based Middleware ContainersRed Hat OpenShift Container Platform 4.14Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Discovery 2Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat AI Inference Server 3.2Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4.19Red Hat Insights proxy 1.5Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4.15Red Hat AI Inference Server 3.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.35% / 58.09%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 00:00
Updated-24 Mar, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

Action-Not Available
Vendor-varnish-softwarevarnish-software
Product-varnish_enterpriseVarnish Enterprise
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-3064
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.39%
||
7 Day CHG+0.24%
Published-05 Jun, 2023 | 08:24
Updated-08 Jan, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mobatime mobile application - Sensitive information disclosure

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

Action-Not Available
Vendor-mobatimeMobatime
Product-amxgt_100Mobatime mobile application AMXGT100
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-922
Insecure Storage of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found