Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-47596

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-11 Dec, 2024 | 19:01
Updated At-13 Dec, 2024 | 17:42
Rejected At-
Credits

GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:11 Dec, 2024 | 19:01
Updated At:13 Dec, 2024 | 17:42
Rejected At:
▼CVE Numbering Authority (CNA)
GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

Affected Products
Vendor
gstreamer
Product
gstreamer
Versions
Affected
  • < 1.24.10
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/
x_refsource_CONFIRM
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2024-0015.html
x_refsource_MISC
Hyperlink: https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/
Resource:
x_refsource_CONFIRM
Hyperlink: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch
Resource:
x_refsource_MISC
Hyperlink: https://gstreamer.freedesktop.org/security/sa-2024-0015.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:12 Dec, 2024 | 02:03
Updated At:18 Dec, 2024 | 21:51

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
gstreamer_project
gstreamer_project
>>gstreamer>>Versions before 1.24.10(exclusive)
cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarysecurity-advisories@github.com
CWE ID: CWE-125
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patchsecurity-advisories@github.com
Patch
https://gstreamer.freedesktop.org/security/sa-2024-0015.htmlsecurity-advisories@github.com
Release Notes
https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/security-advisories@github.com
Third Party Advisory
Hyperlink: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://gstreamer.freedesktop.org/security/sa-2024-0015.html
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/
Source: security-advisories@github.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

528Records found
CVE-2023-50927
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.32% / 54.37%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 19:22
Updated-24 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient boundary checks for DIO and DAO messages in RPL-Lite in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484.

Action-Not Available
Vendor-contiki-ngcontiki-ngcontiki-ng
Product-contiki-ngcontiki-ngcontiki-ng
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-35086
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.68%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991wsa8830qca8337_firmwarewcd9380_firmwareqca8337sd865_5gqca6431_firmwaresdx55m_firmwarewcn6856_firmwarewcd9360_firmwaresd888sdx65wsa8835wcd9380sd765g_firmwaresd888_5gqca6595au_firmwareqca6390_firmwaresd690_5gwcd9370qca6574asd690_5g_firmwarewcn6855_firmwaresm7325pqca6426wcn6750wcn3998wcd9385_firmwaresdxr2_5g_firmwaresa515msd_8_gen1_5g_firmwaresd855wsa8815sm7325p_firmwarewcn6850sd765qca6426_firmwaresm7315_firmwareqca6574a_firmwaresd695qca6574au_firmwaresdx55_firmwaresd768g_firmwareqca6595auqca8081_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwaresm7315qca6391wcd9360qca6436_firmwaresdx55mqca6421_firmwaresd778gsdx65_firmwaresa515m_firmwareqcs6490qcm6490_firmwaresdxr2_5gsd480_firmwarewcn6851_firmwarewcn3988_firmwareqca6574auqca6421sd778g_firmwarewsa8810_firmwaresd765gwcd9341_firmwaresd480sd765_firmwaresd870qca6436wcn6851wsa8810wcn6855qca8081wcn6856wcd9385wcd9341sd695_firmwaresd768gqca6431qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwareqca6696qca6391_firmwareqca6390ar8035sd750g_firmwarewcd9375wcd9370_firmwaresdx55sd888_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250psm8475wcn6750_firmwarear8035_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49552
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.

Action-Not Available
Vendor-cesantan/a
Product-mjsn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.89% / 87.79%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 17:07
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application.

Action-Not Available
Vendor-apreliumn/a
Product-abyss_web_server_x1n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-32467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.61% / 68.70%
||
7 Day CHG~0.00%
Published-25 Dec, 2021 | 23:25
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).

Action-Not Available
Vendor-n/aMediaTek Inc.
Product-mt7615mt7603emt7622_firmwaremt7628mt7612mt7628_firmwaremt7629_firmwaremt7603e_firmwaremt7629mt7915_firmwaremt7612_firmwaremt7613mt7620mt7615_firmwaremt7613_firmwaremt7622mt7915mt7620_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-31881
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-1.41% / 79.75%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-11 Mar, 2025 | 09:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3talon_tc_compactnucleus_nettalon_tc_compact_firmwareapogee_pxc_compactapogee_modular_equiment_controller_firmwareapogee_pxc_compact_firmwareapogee_modular_equiment_controllerapogee_modular_building_controllercapital_vstarapogee_pxc_modular_firmwareapogee_pxc_modulartalon_tc_modular_firmwaretalon_tc_modularapogee_modular_building_controller_firmwarenucleus_source_codeCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-32468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.61% / 68.70%
||
7 Day CHG-0.39%
Published-25 Dec, 2021 | 23:25
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).

Action-Not Available
Vendor-n/aMediaTek Inc.
Product-mt7615mt7628mt7622_firmwaremt7603emt7610mt7612mt7628_firmwaremt7629_firmwaremt7603e_firmwaremt7629mt7613mt7612_firmwaremt7915_firmwaremt7610_firmwaremt7620mt7615_firmwaremt7613_firmwaremt7622mt7915mt7620_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-9276
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.48%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).

Action-Not Available
Vendor-libdwarf_projectn/a
Product-libdwarfn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49285
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-6.71% / 90.88%
||
7 Day CHG-1.19%
Published-04 Dec, 2023 | 22:56
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in HTTP Message Processing in Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2831
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.72%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 19:21
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

Action-Not Available
Vendor-n/aBlender Foundation
Product-blenderBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-14125
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
CVSS Score-7.5||HIGH
EPSS-10.97% / 93.14%
||
7 Day CHG-0.37%
Published-08 Jun, 2022 | 14:14
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service.

Action-Not Available
Vendor-n/aXiaomi
Product-redmi_note_11redmi_note_9tmiuiRedmi Note 11 ,Redmi Note 9T
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-46724
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.61% / 68.86%
||
7 Day CHG-0.18%
Published-01 Nov, 2023 | 19:09
Updated-13 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQUID-2023:4 Denial of Service in SSL Certificate validation

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-786
Access of Memory Location Before Start of Buffer
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2020-13987
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.62%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 21:37
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

Action-Not Available
Vendor-uip_projectopen-iscsi_projectcontiki-osn/aSiemens AG
Product-contikisentron_3va_com800_firmwaresentron_3va_com800uipsentron_3va_com100open-iscsisentron_pac3200sentron_pac3200_firmwaresentron_pac4200sentron_pac4200_firmwaresentron_3va_com100_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3422
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.58%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:02
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Indexer denial-of-service via malformed S2S request

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkSplunk Enterprise
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46762
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.77%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 09:32
Updated-04 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50926
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.23%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 19:28
Updated-06 Jan, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unvalidated DIO prefix info length in RPL-Lite in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721.

Action-Not Available
Vendor-contiki-ngcontiki-ngcontiki-ng
Product-contiki-ngcontiki-ngcontiki-ng
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25291
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.60%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 03:30
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

Action-Not Available
Vendor-n/aPython Software Foundation
Product-pillown/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-46766
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.26%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 09:16
Updated-04 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.65%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.74%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 14:20
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.

Action-Not Available
Vendor-ntopn/a
Product-ndpin/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12674
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.42% / 90.66%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:20
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-46767
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.26%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 09:27
Updated-04 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-23437
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.37%
||
7 Day CHG~0.00%
Published-03 Sep, 2021 | 16:10
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS)

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

Action-Not Available
Vendor-n/aFedora ProjectPython Software Foundation
Product-pillowfedoraPillow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.27%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:18
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22484
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.53%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:50
Updated-18 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM).

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21995
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.23%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 18:05
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-esxicloud_foundationVMware ESXi and VMware Cloud Foundation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11214
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qpm5579qfs2580qcs610qcn5550qca8337qdm2307qfs2530qpa8802qpa8688pm6125qat3519qcn5124pm8150aipq8078aqtc800hqdm5670qcs2290sa6155pm7150lqpa8821qcn5064qdm5671pmc1000hqat3518sd8csa415mwcn3998wcn3950sm4125sd720gipq8076aqca6428qdm5652sd6905gipq8071qpm8870qpm5679qbt2000pm855pqca6420wcd9360pm6150asdr735gwcn3999pm8150bqsm7250qcs6125ipq6010qcs405qca6430qat3522pmr735awcd9340sd765gsdr660qca6436wcn6851sa6155pqpa6560sdr865wcd9341smr545qca6431qln5020wcd9371sd750gsa8150pqpm5657pm6350qdm5621qtc800ssd660qdm5650wcn3988qca6438wtr3925sdr052qcn5121smb1390pm6150lsd8885gqet4100qpm6585qtc410swcn3991smb1355ipq8072aqln4650qpa8801wcd9330wgr7640qat5568qet5100ipq8078qca6564auipq8173sdxr25gqcn5164pm6150qca6574pm7250bqfs2630qpa8842wcd9380qln4640qcs410smb1381qcn5024sdr735pm7250smb1395pm660lqpa8803smr526wcn3980pmk8003qdm2301qsw8573wsa8815wcn6850sd7cwcn3910qpm6375qca9984ipq6028qcn9024pmp8074pm8009qpa8675sd730sdx55mpm8008qsw8574qcn5054pm855lrsw8577ipq8070sd8655gqpm5621qpm6582wcn6855pm8150lqdm5677sa6145pipq6018qdm2302pmm6155auar8031qpm5577wtr2965pm8150qca4024qpm5875sdx55qet5100msa8155pcsra6640sd675qet4101qat3516qpm5658pm855bsmb2351qln1031qcn7606qcm2290qpm5870wsa8830sdr051pm660qcn9070qln5030qpm6325pm4125qbt1500qpa5581pmi632pm456csrb31024csra6620qpm4621qcn9072qcs4290qet6100pmm855ausdr660gqpa8686smb1396ipq6000pm7150awcd9370ipq8072pm8350sdr425qca6426qca9377ipq5018qpm5641whs9410qcn7605qpm5541qat5516qdm5620qln1021aqipq8074asd662pm8350bhpm3003asa8155qat5533qca6595auqpm6670smb1354ipq5010qca6584auqdm2305qpm8820qpm4641ipq8174pm855pm8250qcn5052qca9367smb1398qdm4643pmx55qcn9074sdr675qca6421sm6250qdm3301sa8195pqpm5677qat5515qca6694smb231qat3514wcd9335qet4200aqqca8081qcn6023ipq8071awcd9385qpm5620pmm8155auqpm4630qca6390wcd9375ar8035aqt1000csr8811qpa8673qdm2310pmm8195auqln4642qca6564asmr546pmx24qet6110qln5040qca8072qpm8895qpm5670wcn3990qcn9000qtm527qca6595pmk8350qpm8830qcn9012pm8350bqat5522wsa8835pm8150cpmr735bsm6250pqpa4360pm855aqcn5154qpa4361qca6574amdm9206qca9889pm8350csmr525qca9888ipq8074qpm4640wcn6750pmr525qpm4650qtm525sa515msd855sd8cxsd665ipq8076qca6175asd765pm640ppmd9607qcn5021qcn5152qat3555sd460qca6391smb1351qpa5461ipq6005qcn9100pm660aqpa4340qcm4290sdx50mpm640asdr8150qfs2608qln1036aqqtc801sqdm4650pmd9655qca6574auqcn5122qsw6310qcm6125qpm6621wsa8810qdm2308qat3550pmx50wcn6856qdm5679qcn5022sdr8250sd768gqca6696sm4350pm8004pm640lpmk8002qca8075sa6150pqcn6024qcn9022qpa2625ipq8070asm7250ppm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22487
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.10%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:25
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-11823
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-8.6||HIGH
EPSS-1.06% / 76.70%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 10:00
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

Action-Not Available
Vendor-Synology, Inc.
Product-router_managerSynology Router Manager (SRM)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10895
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.71% / 92.62%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 03:50
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxdebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.54%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 16:18
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.

Action-Not Available
Vendor-oisfn/a
Product-suricatan/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11200
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.70%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfs2580qfe2550qcs610pmi8996qdm2307qfs2530qpa8802qln1030qpa8688pm6125qat3519pm8150asc8180x\+sdx55qtc800hqdm5670qcs2290sa6155qca6335pm7150lqpa8821qln1020wtr3905qdm5671pmc1000hqat3518sd632sd8cwcn3998wcn3950sm4125sd720gqpa5460wcn3660bqfe4320qcc112qca4020pm845qdm5652sd6905gqpm8870qpm5679qbt2000pm855pqca6420wcd9360pm6150asdr735gpm8150bqsm7250pm8996qcs6125qfe2101qca6430qat3522qfe4455fcpmr735awcd9340sd765gqfe3440fcsdr660qca6436wcn6851sa6155pqpa6560sdr865pmc7180smb1358wcd9341pmi8952qca6431qln5020wcd9371smb1350sd750gwtr3950sa8150pqpm5657pm6350qdm5621qfe3340qtc800ssd660qdm5650sd712wcn3988wtr3925qfe2080fcsdr052smb1390pm6150lsd450qet4100mdm9640qpm6585qtc410swcn3991smb1355qln4650qpa8801wgr7640sd636qet5100qca6564ausdxr25gpm6150qca6574pm7250bqpa8842pmm8996auwcd9380qln4640qcs410smb1381sdr735pm7250wtr4905smb1395pm660lqpa8803ar8151smr526wtr5975wcn3980pmk8003qdm2301qsw8573qcs605wsa8815wcn6850qbt1000sd7cqca6320wcn3910sd835pm8009qpa8675sd730sdx55mpm670apm8008msm8953qsw8574pmi8998qfe2520pme605pm855lqcs603rsw8577sd8655gqpm5621qpm6582sd670pm670pm8150lqdm5677pm8005qsm8250sa6145pqdm2302pmm6155ausdxr1apq8096auwtr2965pm8150sdx55apq8053sa8155psd675qet4101pmi8994qat3516pm670lwcn3660qpm5658qca9379pm855bsmb2351qln1031qcm2290wsa8830qfe4465fcpm660sdr051qln5030pm4125qbt1500qpa5581pmi632pm456mdm9650qpa5373pmk8001qcs4290qet6100pmm855ausdr660gsd455qpa8686smb1396pm7150awcd9370qca6564sdr425qca6426whs9410qat5516wtr2955qdm5620qln1021aqsd662smb1380pm3003asa8155qat5533wcn3615qca6595auqtc800tsmb1354qdm2305qca6310qpm8820qpm2630qfe2081fcpm855pm8250sdm630sd821pmx55sdr675qca6421sm6250qdm3301sa8195ppm8953qat5515qca6694qpm5677qat3514wcd9326wcd9335qet4200aqwcd9385qpm5620pmm8155auqca6390wcd9375aqt1000apq8064auqpa8673qdm2310pmm8195auqln4642qca6694ausd820pm8998qca6564aqet6110qln5040qpm8895sdr845qpm5670wcn3990pm8019qca6595qpm8830qat5522wsa8835msm8996aupm8150cpmr735bsm6250prgr7640auqpa4360qln1035bdpm855aqpa4361qca6574aqca6174asmr525wcn6750pmr525qpm4650qtm525wtr6955sd855sd8cxsd665qca6175asd765pm640pqat3555sd460qca6391smb1351qfe2082fcpm660aqpa4340qcm4290sdx50mpm640asdr8150qln1036aqqtc801spmd9655qca6574ausd710qsw6310qcm6125wsa8810qdm2308qat3550pmx50qdm5679wcn3680bsdr8250sd768gqca6696sm4350pm8004pm640lpmk8002qpa2625sa6150psd845sm7250psdm830sd850pm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11119
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqfs2580qpm5679_firmwaremdm9640_firmwaresm6250p_firmwareipq4028_firmwarepmd9607_firmwareqca1023qca8337qfe4455fc_firmwarear9380ipq8173_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqln1030qpa8688pm6125qcn5124qat5522_firmwarewcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821mdm8215pm8998_firmwaresd_455_firmwareapq8076wtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwarewcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125mdm9206_firmwareqsw8573_firmwarewtr1605wcn3660bqsw8574_firmwaresd460_firmwaresmb2351_firmwarepm8953_firmwareqpa4360_firmwareqca8081_firmwarewcn3998_firmwarepm855pqca6420apq8053_firmwarewtr4605_firmwarepm6150aqpm6670_firmwareipq8070_firmwareqca9367_firmwareipq8078a_firmwarepm660_firmwarepm8150bipq8072_firmwareqca0000sa8155_firmwareqfe2101qca6430qat3522qfe4455fcpmr735awcd9340sdm830_firmwaresd765gsdr660qfs2630_firmwaresdr865mdm9250_firmwareqdm5620_firmwareqca9888_firmwaresmb1358smr545qca6696_firmwareqln5020wcd9371smb1350qcn5154_firmwaremdm8215_firmwarepmm855au_firmwaresd_8cxwtr3950sa8150ppm6350qdm5621qtc800sqat3514_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd712pm640p_firmwaresd660_firmwareqcn5121qcn5022_firmwareqcn7606_firmwareqat5516_firmwarepm6150lwcn6750_firmwarepm855l_firmwareqca6428_firmwareqtc410sipq4018_firmwarewcn3991qca9980_firmwareqpa8801ipq8078pm8150l_firmwareipq8173qat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150smb1354_firmwaremsm8976_firmwareqca6574sd670_firmwareqfs2630qpa8842csr8811_firmwarepmm8996ausdr052_firmwarewcd9380qln4640qcs410qpm5579_firmwaresmb1380_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresd690_5g_firmwaresmb1381qfe3100_firmwarepm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwareqcn9012_firmwarepmd9645qdm2301ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850qfe2101_firmwarepmp8074_firmwareqca6584_firmwareqdm2301_firmwareqdm5621_firmwareqpm6375sd_8c_firmwaremdm9215_firmwareipq6028ipq8064sd835pmp8074wcn3980_firmwaresd730qfe3320_firmwarepm660l_firmwarepm6250_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwareqcn5064_firmwarepme605ipq8078_firmwareqpm5621_firmwareqca6234qcn5054qln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqca9994qpa8802_firmwareqln4640_firmwareqca9980qpm5621qcn9024_firmwareipq8174_firmwarepm8009_firmwareqpm6582qfs2580_firmwaresd670wcn6855qcn7605_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwareqca9886_firmwarear8031qca1023_firmwareqpm5577wtr2965sdm630_firmwaresd820_firmwareqca6391_firmwarepmx20_firmwarepm8150qca4024wcd9370_firmwareqat3516_firmwaresdx55apq8053qcn5021_firmwarecsra6640qat3555_firmwarepmi8994qpa8803_firmwareqca9379pm855bqca6234_firmwareqln1031qcn7606smb2351qpm5870pm8909qfe1040wsa8830pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500qpa5581qfe1040_firmwarecsrb31024mdm9628_firmwareqfe2340_firmwaremdm9650sd_636pmx24_firmwareqbt1500_firmwareqpm5870_firmwarepmk8001qca9992qet6100pmm855aumdm9250qca6420_firmwareapq8009_firmwaresd690_5gsmb1396pm7150amdm9310_firmwaresd675_firmwareipq8072pm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9984_firmwareqca9377qpm5641wcd9385_firmwareqdm5650_firmwareqpa4340_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwarewhs9410rgr7640au_firmwarewtr2955pm7250_firmwaresdr845_firmwareqdm5620qln1021aqipq8074asmb1380pmk8002_firmwareqsw6310_firmwaresa8155qca6584qdm4650_firmwareqcn5122_firmwarepmm6155au_firmwareqat5533qln1031_firmwareqcn6023_firmwaresdx55_firmwarewcn3615sm7250p_firmwarewcn3610_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6584auqpm4641qat5515_firmwareipq8174pm855qpm8830_firmwarepm8250qcn5052qca9367qfe2082fc_firmwaresdm630mdm9607_firmwaremdm9655_firmwareqdm4643qfs2530_firmwarewcn3988_firmwarepmx55qpm4641_firmwareqcn9074pm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwarepm8953qat5515qca6694qpm5677qat3514wcd9326wcd9335pm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwareqtc800h_firmwareqpm5620qpm4630qca6390qca9898_firmwaresd750g_firmwareaqt1000msm8976wcd9375sm6250_firmwarepmm8195auqln4642msm8994qpm5677_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwarepm8998smr525_firmwarewsa8815_firmwareqpm8820_firmwarewtr3925_firmwareapq8017qln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqbt1000_firmwaresd865_5gpm8019qca6595pm8150_firmwaresmb1398_firmwareqpm8830pmm8996au_firmwareqat5522pm8150cpmr735bsd665_firmwareqca9369_firmwareqpa4360pmk8003_firmwareqcn5154qca8075_firmwareqpa4361ipq6005_firmwaremdm9206qpm4640_firmwareqpm5577_firmwarewcn6855_firmwareqdm5679_firmwarepm8350csmr525qca9888qca6310_firmwareipq8070a_firmwarepm6150l_firmwarepmr525mdm9615pm8150a_firmwareqca6574_firmwareqca9886wtr3950_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765pmx20pmd9607qca6574a_firmwareqpm4630_firmwareqat3555sd850_firmwareapq8009qpa5461mdm9310qfe2082fcwtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwareqln1036aqqtc801sipq6028_firmwareipq8072a_firmwaremdm9626_firmwareqpm5641_firmwareqca9889_firmwareqfe3320mdm9607qcn5122sd710pm8008_firmwareqln1035bd_firmwaresdx20m_firmwareqpm6621pmr735a_firmwarepmx50pm8018qcn5022qca6564_firmwaresdr8250sd768gqln1030_firmwaresmb1350_firmwarepm8004pm640lpmk8002qca8075apq8096au_firmwareqcn6024qcn9022sd845mdm9615_firmwaresdm830ipq6000_firmwaresmb1357qcs410_firmwareqca6175a_firmwareqpa5580pm8018_firmwareqpm5579qfe2550sa6150p_firmwareqcs610qcn5550pmi8996qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqca4024_firmwarepm855a_firmwareipq8078aqtc800hsa8150p_firmwaresdr8250_firmwareqca6335qcn5064csra6620_firmwareqcs605_firmwareqln1020sd_675_firmwaresmr546_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwarewtr3905qat3518sdr425_firmwaresmr526_firmwareipq8076amdm9628pm640a_firmwareqpa5460wgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qca6428qdm5652qca6574au_firmwareqcn5164_firmwareipq8071qpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360sdx20mqca6438_firmwarepmx50_firmwareqpa8675_firmwarewhs9410_firmwaresdr735gqpa5460_firmwarewcn3999qdm3301_firmwarepm8996qsm7250ipq4029_firmwareqcs6125ipq6010sd662_firmwaresmb1360qcs405qfe3440fcqdm2308_firmwarersw8577_firmwareqca4020_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarewcd9341pmi8952qdm4643_firmwaremdm9655pm8937_firmwareqca6431qet4100_firmwaresd750gwcn3910_firmwareqpm5657wtr1605_firmwareqpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988qca6438wtr3925qfe2080fcsdr052sa8195p_firmwaresmb1390qca9898ipq4028qet4100wcn3610mdm9640qpa8686_firmwareipq5018_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355ipq8072aqln4650qtc800t_firmwaremsm8996au_firmwaresdr735g_firmwarewcd9330wgr7640qat5568csr6030ipq8076a_firmwareqdm5671_firmwareqca6564auqet5100qpa8801_firmwareqtm527_firmwarewcn6856_firmwarepm8005_firmwareqcn5164qet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqcn5054_firmwarepm8996_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395smb358spm660lsmb358s_firmwarear8151smr526qca8072_firmwarewtr5975qca6430_firmwarepmk8003qcn5052_firmwareqtc801s_firmwareqat3522_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqsw8573qcs605qbt1000sd7cqca6320wcn3910mdm9650_firmwareqca6426_firmwarepm8350_firmwarewcn3660b_firmwareqca9984qcn9024pm8009qpa8675qcn5550_firmwaresdr051_firmwaresdx55mwcd9330_firmwareipq8064_firmwarepm670aqca6421_firmwarewtr3905_firmwareqat3518_firmwareqsw8574pmi8998sd821_firmwarear8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwareipq8070pm7150a_firmwarepm8150b_firmwaresd_636_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwaresmr545_firmwarepmd9645_firmwareqcn5121_firmwarepm670sd210_firmwareqdm5677pm8005ipq6018pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareapq8096auqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwarepmi8996_firmwareqln4650_firmwareqpm5875qet5100msa8155psd675wtr4605qet4101pm8952qat3516pm670lqpm5658ar8035_firmwareqpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwareqfe4465fcqcn9070sdr051qln5030pm4125pmi632qpa2625_firmwarepm456sd7c_firmwareqfe2081fc_firmwarepm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpm4621smb1360_firmwareqcn9072qet6100_firmwarepm670l_firmwaresdr660gqfe2340sd765g_firmwareqpa8686smb1358_firmwareipq8069_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370qcn5152_firmwareqca0000_firmwaresdr425pmr525_firmwareqca6584au_firmwareapq8076_firmwareqcn9000_firmwareipq5018qca9369ar8151_firmwarepmi632_firmwaresd_8cx_firmwareqcn7605qpm5541qat5516sd662qpa8821_firmwareqcn5124_firmwaresdr660g_firmwarepm8350bhpm3003aqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwareqtc800tsmb1354ipq5010qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820pm8937qpm2630qfe2081fcqln5020_firmwaresa515m_firmwareqca9990sdxr2_5gsmb1398sd821msm8994_firmwaresa6145p_firmwaresdr675sm6250sd712_firmwareapq8017_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqca8081qet4200aqipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035csr8811pm8019_firmwareqpa8673qca6694_firmwareqdm2310qfe2550_firmwareqcn9100_firmwareqln5030_firmwarepm8952_firmwaresd210sd820smb1396_firmwarewcn6850_firmwarewsa8835_firmwarecsr6030_firmwareqca6564apmx24smr546qet6110pmi8952_firmwareqca8072qln5040qpm8895sdr845qpm5670wcn3990qcn9000sd_675qtm527qfe3440fc_firmwarear9380_firmwarepmk8350sdx24qcn9012pmi8994_firmwarepm8350bqdm2307_firmwarewsa8835msm8996auqpm5657_firmwaresd888_5gsm6250prgr7640auqln1035bdpm855asdr660_firmwarepm8909_firmwareipq4018qca6574apm8916_firmwareqca9889qca6174asmb1390_firmwareipq8074qca9994_firmwareqpm4640wcn6750pm8956_firmwareqet5100m_firmwareipq8076_firmwareqpm4650qtm525sa515mwtr6955sd855sm4125_firmwareipq8076wtr6955_firmwarepm640pqcn5021ipq8069qcn5152sd768g_firmwaresdr865_firmwareqfe4465fc_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaresmb1351smb1357_firmwareipq6005aqt1000_firmwareqcn9100qpm8895_firmwaremdm9626pm660aqpa4340sdx50mpm640asdr8150sdx20pm8916smb1395_firmwareqdm4650mdm9215sd_455pmd9655ipq8074_firmwareqca6574ausa8155p_firmwareqsw6310wcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwaresmb231_firmwareqat5568_firmwareqdm2308qat3550wtr4905_firmwarewcn6856qdm5679sd_8cwcn3680bsd835_firmwareipq6010_firmwarepm3003a_firmwareqca6696qtc800s_firmwaresmb1381_firmwaresd845_firmwareqpa2625sa6150pqcn9022_firmwareqpa8688_firmwareqca9990_firmwareipq8070apmm8195au_firmwareqcn9072_firmwaresm7250psd720g_firmwareipq8071_firmwareqcn9074_firmwareqpm4621_firmwareipq4029pm8956sd850pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11241
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.68%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca9377_firmwareqpm5679_firmwaremdm9640_firmwaresm6250p_firmwareipq4028_firmwarepmd9607_firmwareqca1023qca8337ar9380ipq8173_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqln1030qpa8688pm6125qcn5124qat5522_firmwarewcn3950_firmwarepm8150asc8180x\+sdx55qdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125qsw8573_firmwarewcn3660bqsw8574_firmwaresd460_firmwaresmb2351_firmwareqpa4360_firmwareqca8081_firmwarewcn3998_firmwarepm855pqca6420pm6150aqpm6670_firmwareipq8070_firmwareipq8078a_firmwarepm660_firmwarepm8150bipq8072_firmwaresa8155_firmwareqca6430qat3522pmr735awcd9340sdm830_firmwaresd765gsdr660qfs2630_firmwaresdr865mdm9250_firmwareqdm5620_firmwareqca9888_firmwareqca6696_firmwareqln5020wcd9371qca1062qcn5154_firmwarepmm855au_firmwaresm4350_firmwaresd_8cxwtr3950sa8150ppm6350qdm5621qtc800sqat3514_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd712pm640p_firmwaresd660_firmwareqcn5121qcn5022_firmwareqcn7606_firmwareqat5516_firmwarepm6150lpm855l_firmwareqca6428_firmwareqtc410sipq4018_firmwarewcn3991qca9980_firmwareqpa8801ipq8078pm8150l_firmwareipq8173qat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574qfs2630qpa8842csr8811_firmwarepmm8996ausdr052_firmwarewcd9380qln4640qcs410qpm5579_firmwaresmb1380_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresd690_5g_firmwaresmb1381pm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwareqcn9012_firmwarepmd9645qdm2301ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqdm5621_firmwareqdm2301_firmwareqpm6375sd_8c_firmwareipq6028ipq8064pmp8074wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwareqcn5064_firmwarepme605ipq8078_firmwareqpm5621_firmwareqcn5054qln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqca9994qpa8802_firmwareqln4640_firmwareqca9980qpm5621qcn9024_firmwareipq8174_firmwarepm8009_firmwareqpm6582qfs2580_firmwaresd670qcm4290_firmwarewcn6855qcn7605_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarear8031qca1023_firmwareqpm5577wtr2965sd820_firmwareqca6391_firmwarepmx20_firmwarepm8150qca4024wcd9370_firmwareqat3516_firmwaresdx55qcn5021_firmwarecsra6640qat3555_firmwarepmi8994qpa8803_firmwareqca9379pm855bsmb2351qln1031qcn7606qpm5870pm8909wsa8830pm660qet6110_firmwareqca1062_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024mdm9628_firmwaremdm9650pmx24_firmwareqbt1500_firmwareqpm5870_firmwarepmk8001qca9992qcs4290pmm855auqet6100mdm9250qca6420_firmwareapq8009_firmwaresd690_5gsmb1396pm7150asd675_firmwareipq8072pm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9984_firmwareqca9377qpm5641wcd9385_firmwareqdm5650_firmwareqpa4340_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwarewhs9410rgr7640au_firmwarepm7250_firmwaresdr845_firmwareqdm5620qln1021aqipq8074asmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwareqcn5122_firmwarepmm6155au_firmwareqat5533sdx55_firmwareqcn6023_firmwarewcn3615sm7250p_firmwarewcn3610_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6584auqpm4641qat5515_firmwareipq8174pm855qpm8830_firmwarepm8250qcn5052mdm9607_firmwaremdm9655_firmwareqdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwareqcn9074wcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwareqpm5677qat5515qca6694qat3514wcd9326wcd9335pm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwareqcs4290_firmwareqtc800h_firmwareqpm5620qpm4630qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375sc8180x\+sdx55_firmwarepmm8195ausm6250_firmwareqln4642msm8994qpm5677_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwarepm8998smr525_firmwarewsa8815_firmwareqpm8820_firmwarewtr3925_firmwareqln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwaresd865_5gqca6595pm8150_firmwaresmb1398_firmwareqpm8830pmm8996au_firmwareqat5522pm8150cpmr735bsd665_firmwareqca9369_firmwareqpa4360pmk8003_firmwareqcn5154qca8075_firmwareqpa4361ipq6005_firmwareqpm4640_firmwareqpm5577_firmwarewcn6855_firmwareqdm5679_firmwarepm8350csmr525qca9888qca6310_firmwareipq8070a_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwarewtr3950_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765pmx20pmd9607qca6574a_firmwareqpm4630_firmwareqat3555sd850_firmwareapq8009qpa5461wtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwareqln1036aqqtc801sipq6028_firmwareipq8072a_firmwaremdm9626_firmwareqpm5641_firmwareqca9889_firmwaresd710mdm9607qcn5122pm8008_firmwaresdx20m_firmwareqpm6621pmr735a_firmwarepmx50qcn5022qca6564_firmwaresdr8250sd768gqca1064_firmwareqln1030_firmwarepm8004pm640lpmk8002qca8075apq8096au_firmwareqcn6024qcn9022sd845sdm830ipq6000_firmwaresmb1357qcs410_firmwareqca6175a_firmwareqpa5580qpm5579sa6150p_firmwareqcs610qcn5550pmi8996qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqca4024_firmwarepm855a_firmwareipq8078aqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335qcn5064csra6620_firmwareqcs605_firmwareqln1020sd_675_firmwarewtr3905qdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sdr425_firmwaresmr526_firmwareipq8076amdm9628pm640a_firmwareqpa5460wgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qca6428qdm5652qca6574au_firmwareqcn5164_firmwareipq8071qpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360sdx20mqca6438_firmwarepmx50_firmwareqpa8675_firmwarewhs9410_firmwaresdr735gqpa5460_firmwarewcn3999qdm3301_firmwarepm8996qsm7250ipq4029_firmwareqcs6125ipq6010sd662_firmwaresmb1360qcs405rsw8577_firmwareqdm2308_firmwareqca4020_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarepmc7180wcd9341qdm4643_firmwaremdm9655qca6431qet4100_firmwaresd750gwcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988qca6438wtr3925sdr052sa8195p_firmwaresmb1390qca9898ipq4028qet4100wcn3610mdm9640qpa8686_firmwareipq5018_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355ipq8072aqln4650msm8996au_firmwaresdr735g_firmwarewgr7640ipq8076a_firmwareqat5568qdm5671_firmwareqet5100qca6564auqpa8801_firmwareqtm527_firmwarewcn6856_firmwarepm8005_firmwareqcn5164qet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqcn5054_firmwarepm8996_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lsmr526qca8072_firmwarewtr5975qca6430_firmwarepmk8003qcn5052_firmwareqtc801s_firmwareqat3522_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqsw8573qcs605sd7cwcn3910qca6320mdm9650_firmwareqca6426_firmwarepm8350_firmwarewcn3660b_firmwareqca9984qcn9024pm8009qpa8675qcn5550_firmwaresdr051_firmwaresdx55mipq8064_firmwarepm670aqca6421_firmwarewtr3905_firmwareqat3518_firmwareqsw8574pmi8998ar8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwareipq8070pm7150a_firmwarepm8150b_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepmd9645_firmwareqcn5121_firmwarepm670qdm5677pm8005ipq6018pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareapq8096auqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwarepmi8996_firmwareqln4650_firmwareqpm5875qet5100msa8155psd675qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresdr051qcn9070qln5030qcs2290_firmwarepm4125pmi632qpa2625_firmwarepm456sd7c_firmwarepm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpm4621smb1360_firmwareqcn9072qet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686ipq8069_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370qcn5152_firmwaresdr425pmr525_firmwareqca6584au_firmwareqcn9000_firmwareipq5018qca9369pmi632_firmwaresd_8cx_firmwareqcn7605qpm5541qat5516sd662qpa8821_firmwareqcn5124_firmwaresdr660g_firmwarepm8350bhqca1064pm3003aqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwaresmb1354ipq5010qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820qpm2630qln5020_firmwaresa515m_firmwareqca9990sdxr2_5gsmb1398msm8994_firmwaresa6145p_firmwaresdr675sm6250sd712_firmwarewsa8810_firmwaresd765_firmwareqdm5677_firmwareqca8081qet4200aqipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035csr8811qpa8673qca6694_firmwareqdm2310qln5030_firmwareqcn9100_firmwaresd820smb1396_firmwarewcn6850_firmwarewsa8835_firmwareqca6564apmx24qet6110qln5040qca8072qcm2290_firmwareqpm8895sdr845qpm5670wcn3990qcn9000sd_675qtm527ar9380_firmwarepmk8350sdx24qcn9012pmc7180_firmwarepmi8994_firmwarepm8350bqdm2307_firmwarewsa8835msm8996auqpm5657_firmwaresd888_5gsm6250prgr7640aupm855asdr660_firmwarepm8909_firmwareipq4018qca6574apm8916_firmwareqca9889qca6174asmb1390_firmwareipq8074qca9994_firmwareqpm4640qet5100m_firmwareipq8076_firmwareqpm4650qtm525sa515mwtr6955sd855sm4125_firmwareipq8076wtr6955_firmwarepm640pqcn5021ipq8069qcn5152sd768g_firmwaresdr865_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaresmb1351smb1357_firmwareipq6005aqt1000_firmwareqcn9100qpm8895_firmwaremdm9626pm660aqpa4340qcm4290sdx50mpm640asdr8150sdx20pm8916smb1395_firmwareqdm4650pmd9655ipq8074_firmwareqca6574ausa8155p_firmwareqsw6310wcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwareqat5568_firmwareqdm2308qat3550wtr4905_firmwarewcn6856qdm5679sd_8cwcn3680bipq6010_firmwarepm3003a_firmwareqca6696qtc800s_firmwaresm4350sd845_firmwaresmb1381_firmwareqpa2625sa6150pqcn9022_firmwareqpa8688_firmwareqca9990_firmwareipq8070apmm8195au_firmwareqcn9072_firmwaresm7250psd720g_firmwareipq8071_firmwareqcn9074_firmwareqpm4621_firmwareipq4029sd850pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-2858
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.80%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 15:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-natusTalos (Cisco Systems, Inc.)
Product-xltek_neuroworksNatus
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11238
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.15%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqfs2580qpm5679_firmwaresm6250p_firmwareipq4028_firmwareqfe4455fc_firmwareqca8337ar9380ipq8173_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqln1030qpa8688pm6125qcn5124qat5522_firmwarewcn3950_firmwarepm8150asc8180x\+sdx55qdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwaresd_455_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125qsw8573_firmwareqsw8574_firmwaresd460_firmwaresmb2351_firmwareqpa4360_firmwareqca8081_firmwarewcn3998_firmwarepm855pqca6420pm6150aqpm6670_firmwareipq8070_firmwareipq8078a_firmwarepm660_firmwarepm8150bipq8072_firmwaresa8155_firmwareqfe2101qca6430qat3522qfe4455fcpmr735awcd9340sdm830_firmwaresd765gsdr660qfs2630_firmwaresdr865qdm5620_firmwareqca9888_firmwareqca6696_firmwareqln5020wcd9371smb1350qca1062qcn5154_firmwarepmm855au_firmwaresm4350_firmwaresd_8cxsa8150ppm6350qdm5621qtc800sqat3514_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd712pm640p_firmwaresd660_firmwareqcn5121qcn5022_firmwareqcn7606_firmwareqat5516_firmwarepm6150lpm855l_firmwareqca6428_firmwareqtc410sipq4018_firmwarewcn3991qca9980_firmwareqpa8801ipq8078pm8150l_firmwareipq8173qat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574qfs2630qpa8842csr8811_firmwaresdr052_firmwarewcd9380qln4640qcs410qpm5579_firmwaresmb1380_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresd690_5g_firmwaresmb1381qfe3100_firmwarepm7250qpa8803qcn9012_firmwareqdm2301ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850qfe2101_firmwarepmp8074_firmwareqdm5621_firmwareqdm2301_firmwareqpm6375sd_8c_firmwareipq6028ipq8064sd835pmp8074wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwareqcn5064_firmwarepme605ipq8078_firmwareqpm5621_firmwareqcn5054qln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqca9994qpa8802_firmwareqln4640_firmwareqca9980qpm5621qcn9024_firmwareipq8174_firmwarepm8009_firmwareqpm6582qfs2580_firmwaresd670qcm4290_firmwarewcn6855qcn7605_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarear8031qpm5577wtr2965sdm630_firmwareqca6391_firmwarepm8150qca4024wcd9370_firmwareqat3516_firmwaresdx55qcn5021_firmwarecsra6640qat3555_firmwareqpa8803_firmwarepm855bsmb2351qln1031qcn7606qpm5870wsa8830pm660qet6110_firmwareqca1062_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024sd_636pmx24_firmwareqbt1500_firmwareqpm5870_firmwareqca9992qcs4290pmm855auqet6100qca6420_firmwaresd690_5gsmb1396pm7150asd675_firmwareipq8072pm8350qpa5461_firmwareqpa4361_firmwarepm8350c_firmwareqca6426wcn3990_firmwareqca9984_firmwareqca9377qpm5641wcd9385_firmwareqdm5650_firmwareqpa4340_firmwaresdxr2_5g_firmwarewcd9326_firmwarewhs9410pm7250_firmwaresdr845_firmwareqdm5620qln1021aqipq8074asmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwareqcn5122_firmwarepmm6155au_firmwareqat5533sdx55_firmwareqcn6023_firmwaresm7250p_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6584auqpm4641qat5515_firmwareipq8174pm855qpm8830_firmwarepm8250qcn5052qfe2082fc_firmwaresdm630qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwareqcn9074wcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwareqpm5677qat5515qca6694qat3514wcd9326wcd9335pm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwareqcs4290_firmwareqtc800h_firmwareqpm5620qpm4630qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375sc8180x\+sdx55_firmwarepmm8195ausm6250_firmwareqln4642qpm5677_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresmr525_firmwarepm8998wsa8815_firmwarewtr3925_firmwareqpm8820_firmwareqln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwareqbt1000_firmwaresd865_5gqca6595pm8150_firmwaresmb1398_firmwareqpm8830qat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqcn5154qca8075_firmwareqpa4361ipq6005_firmwareqpm4640_firmwareqpm5577_firmwarewcn6855_firmwareqdm5679_firmwarepm8350csmr525qca9888qca6310_firmwareipq8070a_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765qca6574a_firmwareqpm4630_firmwareqat3555sd850_firmwareqpa5461qfe2082fcwtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwareqln1036aqqtc801sipq6028_firmwareipq8072a_firmwareqpm5641_firmwareqca9889_firmwaresd710qcn5122pm8008_firmwareqln1035bd_firmwareqpm6621pmr735a_firmwarepmx50qcn5022sdr8250sd768gqca1064_firmwareqln1030_firmwaresmb1350_firmwarepm8004pm640lpmk8002qca8075qcn6024qcn9022sd845sdm830ipq6000_firmwareqcs410_firmwareqca6175a_firmwareqpa5580qpm5579sa6150p_firmwareqcs610qcn5550qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqca4024_firmwarepm855a_firmwareipq8078aqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335qcn5064csra6620_firmwareqcs605_firmwareqln1020sd_675_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sdr425_firmwaresmr526_firmwareipq8076aqpa5460pm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca6428qdm5652qca6574au_firmwareqcn5164_firmwareipq8071qpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360qca6438_firmwarepmx50_firmwareqpa8675_firmwarewhs9410_firmwaresdr735gqpa5460_firmwarewcn3999qdm3301_firmwareqsm7250ipq4029_firmwareqcs6125ipq6010sd662_firmwareqcs405qfe3440fcqdm2308_firmwarersw8577_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarepmc7180wcd9341qdm4643_firmwareqca6431qet4100_firmwaresd750gwcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988qca6438wtr3925qfe2080fcsdr052sa8195p_firmwaresmb1390qca9898ipq4028qet4100qpa8686_firmwareipq5018_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355ipq8072aqln4650qtc800t_firmwaresdr735g_firmwarewgr7640ipq8076a_firmwareqat5568qdm5671_firmwareqet5100qca6564auqpa8801_firmwareqtm527_firmwarewcn6856_firmwarepm8005_firmwareqcn5164qet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqcn5054_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lar8151smr526qca8072_firmwarewtr5975qca6430_firmwarepmk8003qcn5052_firmwareqtc801s_firmwareqat3522_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqsw8573qcs605qbt1000sd7cqca6320wcn3910qca6426_firmwarepm8350_firmwareqca9984qcn9024pm8009qpa8675qcn5550_firmwaresdr051_firmwaresdx55mipq8064_firmwarepm670aqca6421_firmwareqat3518_firmwareqsw8574pmi8998ar8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwareipq8070pm7150a_firmwarepm8150b_firmwaresd_636_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwareqcn5121_firmwarepm670qdm5677pm8005ipq6018pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqln4650_firmwareqpm5875qet5100msa8155psd675qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwareqfe4465fcqcn9070sdr051qln5030qcs2290_firmwarepm4125pmi632qpa2625_firmwarepm456sd7c_firmwareqfe2081fc_firmwarepm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpm4621qcn9072qet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686ipq8069_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370qcn5152_firmwaresdr425pmr525_firmwareqca6584au_firmwareqcn9000_firmwareipq5018ar8151_firmwarepmi632_firmwaresd_8cx_firmwareqcn7605qpm5541qat5516sd662qpa8821_firmwareqcn5124_firmwaresdr660g_firmwarepm8350bhqca1064pm3003aqca6320_firmwareqca6595auwcn3999_firmwareqca6436_firmwareqtc800tsmb1354ipq5010qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820qpm2630qfe2081fcqln5020_firmwaresa515m_firmwareqca9990sdxr2_5gsmb1398sa6145p_firmwaresdr675sm6250sd712_firmwarewsa8810_firmwaresd765_firmwareqdm5677_firmwareqca8081qet4200aqipq8071aipq8071a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035csr8811qpa8673qca6694_firmwareqdm2310qln5030_firmwareqcn9100_firmwaresmb1396_firmwarewcn6850_firmwarewsa8835_firmwareqca6564apmx24qet6110qln5040qca8072qcm2290_firmwareqpm8895sdr845qpm5670wcn3990qcn9000sd_675qtm527qfe3440fc_firmwarear9380_firmwarepmk8350qcn9012pmc7180_firmwarepm8350bqdm2307_firmwarewsa8835qpm5657_firmwaresd888_5gsm6250pqln1035bdpm855asdr660_firmwareipq4018qca6574asmb1390_firmwareqca9889ipq8074qca9994_firmwareqpm4640qet5100m_firmwareipq8076_firmwareqpm4650qtm525sa515mwtr6955sd855sm4125_firmwareipq8076wtr6955_firmwarepm640pqcn5021ipq8069qcn5152sd768g_firmwaresdr865_firmwareqfe4465fc_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaresmb1351ipq6005aqt1000_firmwareqcn9100qpm8895_firmwarepm660aqpa4340qcm4290sdx50mpm640asdr8150smb1395_firmwareqdm4650sd_455pmd9655ipq8074_firmwareqca6574ausa8155p_firmwareqsw6310wcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwareqat5568_firmwareqdm2308qat3550wcn6856qdm5679sd_8csd835_firmwareipq6010_firmwarepm3003a_firmwareqca6696qtc800s_firmwaresm4350sd845_firmwaresmb1381_firmwareqpa2625sa6150pqcn9022_firmwareqpa8688_firmwareqca9990_firmwareipq8070apmm8195au_firmwareqcn9072_firmwaresm7250psd720g_firmwareipq8071_firmwareqcn9074_firmwareqpm4621_firmwareipq4029sd850pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43533
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.95%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Firmware

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_8_gen_3_mobile_platform_firmwareqcm8550_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsw5100psxr1120vision_intelligence_300_platformqca6595snapdragon_xr1_platformqcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_x50_5g_modem-rf_systemqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024qcc2073_firmwareqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700qca1064_firmwareqcn6422_firmwaresnapdragon_768g_5g_mobile_platform_firmwaresa4150pwsa8832_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca8337qca6426_firmwarewcd9395snapdragon_460_mobile_platformsnapdragon_auto_4g_modemqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqam8295pwcd9341ipq5312qca6574auwcd9390wsa8810_firmwaresd730_firmwarewsa8845h_firmwarecsra6640snapdragon_8cx_gen_2_5g_compute_platformsa9000p_firmwaresrv1hqca2064_firmwaresnapdragon_835_mobile_pc_platform_firmwaresd730snapdragon_730g_mobile_platform_firmwareqca6554afastconnect_6800_firmwaresd835_firmwareqcn6024_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_778g\+_5g_mobile_platformsa8770pqcm6125_firmwaressg2115pqcc710snapdragon_850_mobile_compute_platformsnapdragon_8cx_compute_platform_firmwareqca2062_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresxr1120_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmwarerobotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformqcn6402qcn6432video_collaboration_vc1_platformipq5332_firmwareqep8111qfw7114wcd9385_firmwareqca6421315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemqca6310qam8255p_firmwaresnapdragon_630_mobile_platformsa8155_firmwarewcd9360snapdragon_888_5g_mobile_platform_firmwareqca6335snapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformimmersive_home_3210_platform_firmwaresnapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwaresa6155pwsa8845qca6421_firmwareqcm6125qca6564au_firmwaresnapdragon_768g_5g_mobile_platformwsa8810qam8650psa9000pqsm8250snapdragon_8\+_gen_2_mobile_platformsrv1h_firmwareqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840srv1m_firmwareqcs8550_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformwcd9371_firmwaresnapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformqcs4490_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3910_firmwaresm4125_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca6420snapdragon_8_gen_3_mobile_platformsnapdragon_7c_gen_2_compute_platform_firmwarewcn3910wcd9370_firmwarecsrb31024snapdragon_845_mobile_platformsnapdragon_x55_5g_modem-rf_system_firmwareqcc2076snapdragon_750g_5g_mobile_platform_firmwaresnapdragon_660_mobile_platformqca6574aqca6174asa8195pwcd9340snapdragon_630_mobile_platform_firmwareqcm2290snapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490ipq5302sm8550p_firmwareimmersive_home_3210_platformqcm8550wcn3988qcn9274qcn9024snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsa8775psxr2230p_firmwaresd675_firmwaresnapdragon_8cx_compute_platformqca2066_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformsa8775p_firmwareqamsrv1hqcn6412_firmwareqcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwareqca6564asa8155pwsa8830snapdragon_675_mobile_platformipq5312_firmwaresm8550pqcf8000_firmwaresa6145psnapdragon_8\+_gen_1_mobile_platform_firmwaresnapdragon_662_mobile_platformvision_intelligence_400_platform_firmwaresnapdragon_765_5g_mobile_platformsc8180x\+sdx55_firmwaresa8255p_firmwaresnapdragon_665_mobile_platformqcc2073ar8035qamsrv1m_firmwaresa6155sa8650p_firmwareqca2065snapdragon_678_mobile_platform_firmwareqcm4325qcn6224sc8180x\+sdx55qca6698aqwcn3950_firmwaresnapdragon_7c_gen_2_compute_platformsm6250ssg2125p_firmwaresnapdragon_8c_compute_platform_firmwaresnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200snapdragon_710_mobile_platformsd670sm7325p_firmwaresa8145p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwaresnapdragon_888\+_5g_mobile_platformsmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwaresnapdragon_636_mobile_platform_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwaresnapdragon_680_4g_mobile_platform_firmwareimmersive_home_326_platform_firmwareqcs6490snapdragon_712_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwareqca8386_firmwaresd660_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqcc2076_firmwaresxr2130_firmwaresrv1mqca6678aqqcn6432_firmwaresnapdragon_675_mobile_platform_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwaresnapdragon_888_5g_mobile_platformsc8380xpqca1064qca6320snapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqca6564auqcs6125_firmwaresm6250p_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcm4290ipq5332snapdragon_680_4g_mobile_platformsd_455_firmwareqcm6490_firmwaresnapdragon_8c_compute_platformsm7250p_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformrobotics_rb3_platform_firmwarewcn3950snapdragon_xr2_5g_platformqcs6125snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresnapdragon_720g_mobile_platformsd_455sm7250pcsrb31024_firmwaresa8155sd_8cx_firmwaresm6250_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqca6584ausd888qca6320_firmwareqcn6274_firmwaresd460_firmwaresnapdragon_4_gen_2_mobile_platformsw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740sc8380xp_firmwareqca6310_firmwarefastconnect_6800qfw7114_firmwareqca6595_firmwaresnapdragon_685_4g_mobile_platform_firmwarefastconnect_7800_firmwareqcn6422ipq5302_firmwarewcd9371snapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresnapdragon_732g_mobile_platform_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150pvision_intelligence_300_platform_firmwaresnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwareqcf8000snapdragon_835_mobile_pc_platformsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x35_5g_modem-rf_systemqca2064sxr1230psnapdragon_865\+_5g_mobile_platformsd662_firmwareqca2065_firmwaresw5100video_collaboration_vc3_platformaqt1000snapdragon_865_5g_mobile_platform_firmwareqca6688aqqam8295p_firmwaresd855qca6431_firmwareqcn6402_firmwarewcn3990_firmwaresm7315qca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385qsm8350qcs2290_firmwaresd662snapdragon_678_mobile_platformsa8255psnapdragon_720g_mobile_platform_firmwareqcs4290sxr1230p_firmwarewcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformqep8111_firmwareqca6430sm6250psdx55_firmwaresnapdragon_auto_5g_modem-rfssg2125pqca6554a_firmwaresxr2130qcm4490snapdragon_636_mobile_platformcsra6640_firmwareqamsrv1msnapdragon_xr2\+_gen_1_platformimmersive_home_326_platformqca6174a_firmwaresm7325pqam8650p_firmwaresnapdragon_855_mobile_platform_firmwareqca2062qca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemsd855_firmwarewcd9335_firmwarewcn3980_firmwareqca6436qca6584au_firmwareqcn6274wsa8835wsa8840_firmwareqca6391_firmwaresnapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwaresw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_732g_mobile_platformsnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660wsa8815sg4150psd_8_gen1_5gqam8775pqca6797aqqcm4325_firmwareqcn6412vision_intelligence_400_platformqca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_480\+_5g_mobile_platformsd675qca1062sd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391qcn9274_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_670_mobile_platformcsra6620_firmwaresa8770p_firmwaresa8295psnapdragon_8_gen_2_mobile_platform_firmwareqcs8550snapdragon_xr1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwarewcd9375qca6688aq_firmwarewcn3988_firmwareqamsrv1h_firmwaresa8145psd_675snapdragon_888\+_5g_mobile_platform_firmwareqca2066sd_8cxwsa8835_firmwaressg2115p_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragon
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2023-43512
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.28%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-02 Aug, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Qualcomm ESL

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn7606qcn7606_firmwareSnapdragonqcn7606_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27405
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.69%
||
7 Day CHG+0.01%
Published-22 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.

Action-Not Available
Vendor-freetypen/aFedora Project
Product-freetypefedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-20275
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.61%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 13:12
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.

Action-Not Available
Vendor-privoxyn/aDebian GNU/Linux
Product-privoxydebian_linuxprivoxy
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1964
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.50%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:31
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6150p_firmwareipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwareqca9561_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qcn5064sd_675_firmwaresa415mwcn3998wcn3950qcn6024_firmwaresd720gsm4125ipq8076asd710_firmwaresd460_firmwaresm7315_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwareqca6420apq8053_firmwareqca6438_firmwareipq8070_firmwareipq8065ipq8078a_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwaresa8155_firmwareipq6010sd662_firmwareipq8068qca6430wcd9340sd765gqca6436wcn6851sa6155pqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6696_firmwaresd870_firmwaresd750gqcn5154_firmwarewcn3910_firmwaresd_8cxsa8150pwsa8830_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd855_firmwarewcn3988qca6438sd660_firmwaresa8195p_firmwareqcn5121qcn5022_firmwarewcn6750_firmwareqca9898ipq4028qca6428_firmwareipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwareipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164qca9558sd670_firmwareqca6574csr8811_firmwarewcd9380qcn5054_firmwareqcn5024sd690_5g_firmwareipq4019_firmwaresdx50m_firmwareqca8072_firmwareqca9985qcn9012_firmwareqca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwarewcn3910sd_8c_firmwareqca6426_firmwareqca9984ipq6028ipq8064sd835pmp8074qcn9024wcn3980_firmwaresd730qcn5550_firmwaresdx55mipq8064_firmwarewcn6740_firmwaremsm8953qcn5064_firmwaresd678_firmwareipq8078_firmwareqcn5054wcn6851_firmwareipq8070qca9896qcn5502qca9994qca9887_firmwareqca9980sd670qcn9024_firmwareipq8174_firmwaresd_636_firmwareqca6564a_firmwareqca9880qcm4290_firmwaresd480sd870qcn5121_firmwaresa6145pipq6018qca9886_firmwareqca6595_firmwaresa8145psdm630_firmwareqca6391_firmwareqca4024wcd9370_firmwaresd780g_firmwaresdx55sd888_firmwareapq8053qcn5021_firmwaresa8155psd675qca9531_firmwarear8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwareqcn5500wsa8830sd678qca9561qcn9070sa8145p_firmwareqcs2290_firmwarecsrb31024qca9563_firmwaresd_636qcn9072qca9880_firmwareqca9992qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gipq6000sd730_firmwarewcd9370sd675_firmwareipq8072qcn5152_firmwareqca6564qca6426qca6584au_firmwarewcn3990_firmwareqcn9000_firmwareqca9984_firmwareipq5018sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwareqca9563ipq8074asd662qcn5124_firmwareqca9982sa8155wcn3680b_firmwareqcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwareqca6595ausm7250p_firmwareqca6436_firmwareipq5010qca6564au_firmwareqca6584ausd778gsa6155p_firmwareipq8174sa515m_firmwareqca9990sdxr2_5gqcn5052sdm630sa415m_firmwarewcn3988_firmwareqcn9074sa6145p_firmwaresm6250sd778g_firmwaresa8195pwsa8810_firmwareqca6694sd765_firmwarewcd9326wcd9335qca8081qca9982_firmwareqcn6023ipq8071aipq8071a_firmwareqcs4290_firmwarewcd9385qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375ar8035sm6250_firmwarecsr8811ipq4019qca6694_firmwaremsm8953_firmwareqcn9100_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwareqca6564aqca9882qca8072qcm2290_firmwarewcn3990qcn9000sd_675sd780gsd865_5gqca6595ar9380_firmwareqcn9012sd888qca9558_firmwareqca9896_firmwareqcn6122_firmwareipq8065_firmwarewsa8835sd665_firmwaresd888_5gqcn5154qca8075_firmwareipq4018qca6574aipq6005_firmwareqca9889sm7325pqca9888ipq8074qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886qcn5502_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665ipq8076qca6175asd765qca9887qca6574a_firmwareqcn5021qcn5152sd768g_firmwaresm7315sd460qca6391ipq6005aqt1000_firmwareqcn9100qcm4290csrb31024_firmwaresdx50mqca9882_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwareqca9531ipq8074_firmwareqca6574auqca9889_firmwaresd710sa8155p_firmwareqcn5122wcd9341_firmwarewsa8810qcn5500_firmwarewcn6856sd_8cqcn5022wcn3680bsd835_firmwareqca6564_firmwaresd768gipq6010_firmwarewcn6740qca6696sd845_firmwaresa6150pqca8075qcn9022_firmwareqcn6024qcn9022sd845qca9990_firmwareipq8070aqcn9072_firmwaresm7250pipq6000_firmwaresd720g_firmwareipq8071_firmwareqcn9074_firmwareipq4029qca6175a_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1974
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.47%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:36
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055sm7250sa6150p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwareqca9561_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078asa8150p_firmwareqcs2290qca6595au_firmwaresa6155qcn5064qcs605_firmwaresd_675_firmwareqcs6125_firmwaresa415mwcn3998wcn3950qcn6024_firmwaresd720gsm4125ipq8076awcn3660bsd710_firmwaresd460_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwareqca6420qca6438_firmwareipq8070_firmwareipq8065ipq8078a_firmwareqrb5165_firmwareqca7500ipq8072_firmwareipq4029_firmwareqcs6125sa8155_firmwareipq6010sd662_firmwareipq8068qca6430wcd9340sd765gfsm10056_firmwareqca6436wcn6851sa6155pqca9888_firmwarewcd9341ipq8068_firmwareqca6696_firmwaresd870_firmwaresd750gqcn5154_firmwarewcn3910_firmwaresd_8cxsa8150pwsa8830_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd855_firmwarewcn3988qca6438sd660_firmwaresa8195p_firmwareqcn5022_firmwarewcn6750_firmwareqca9898ipq4028wcn3610qca6428_firmwareipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwaresda429w_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresdm429wipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164qca9558sd670_firmwareqca6574csr8811_firmwarewcd9380qcn5054_firmwareqcs410qcn5024sd690_5g_firmwareipq4019_firmwaresdx50m_firmwareqca8072_firmwareqca9985qcn9012_firmwareqca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980ipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850pmp8074_firmwarewcn3910sd_8c_firmwareqca6426_firmwarewcn3660b_firmwareqca9984ipq6028ipq8064sd835pmp8074qcn9024wcn3980_firmwaresd730qcn5550_firmwaresdx55mipq8064_firmwarewcn6740_firmwareqcn5064_firmwaresd678_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareipq8070qca9896qca9994qca9887_firmwareqca9980sd670qcn9024_firmwareipq8174_firmwaresd_636_firmwareqca6564a_firmwareqca9880qcm4290_firmwaresd480sd870sd210_firmwareqcs610_firmwareqsm8250sa6145pipq6018qca9886_firmwareqca6595_firmwaresa8145psdm630_firmwareqca6391_firmwareqca4024wcd9370_firmwaresd780g_firmwaresdx55qcn5021_firmwaresa8155psd675qca9531_firmwarear8035_firmwareqcm2290qsm8250_firmwareqcn5024_firmwarewcn3991_firmwarewsa8830sd678qca9561qcn9070sa8145p_firmwareqcs2290_firmwarefsm10056sm7250_firmwarecsrb31024qca9563_firmwaresd_636fsm10055_firmwareqcn9072qca9880_firmwareqca9992qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gipq6000sd730_firmwarewcd9370sd675_firmwareipq8072qcn5152_firmwareqca6564qca6426qca6584au_firmwarewcn3990_firmwareqcn9000_firmwareqca9984_firmwareipq5018sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwareqca9563ipq8074asd662qcn5124_firmwaresa8155qcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewcn3610_firmwareqca6436_firmwareipq5010qca6564au_firmwareqca6584ausd778gsa6155p_firmwareipq8174sd429sa515m_firmwareqca9990sdxr2_5gqcn5052sdm630sa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwaresa6145p_firmwaresd778g_firmwaresm6250sa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qcn6023ipq8071aipq8071a_firmwareqcs4290_firmwarewcd9385qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375ar8035sm6250_firmwarecsr8811ipq4019qcn9100_firmwaresda429wsd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620qca6564aqcm6125_firmwareqca9882qca8072qcm2290_firmwarewcn3990qcn9000sd_675sd780gsd865_5gqca6595ar9380_firmwareqcn9012qca9558_firmwareqca9896_firmwarewsa8835ipq8065_firmwaresdm429w_firmwaresd665_firmwaresd888_5gqcn5154qca8075_firmwareipq4018qca6574aqca9889qca9888ipq8074sm7325qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886sd855sm4125_firmwaresd665ipq8076qca6175asd765qca9887qca6574a_firmwareqcn5021qcn5152sd768g_firmwaresd460qca6391aqt1000_firmwareqcn9100qcm4290csrb31024_firmwaresdx50mqca9882_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwareqca9531ipq8074_firmwareqca6574auqca9889_firmwaresd710sa8155p_firmwareqcn5122sd205_firmwarewcd9341_firmwareqcm6125wsa8810wcn6856sd_8cqcn5022sd835_firmwareqca6564_firmwaresd768gipq6010_firmwarewcn6740qca6696sa6150pqca8075qcn9022_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn9072_firmwareipq6000_firmwaresd720g_firmwareipq8071_firmwareqcn9074_firmwareqcs410_firmwareipq4029qca6175a_firmwaresm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43539
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-10 Jan, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Firmware

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn6422ipq8070a_firmwarewcd9385_firmwareipq8070aipq6000qcf8001_firmwaresnapdragon_x75_5g_modem-rf_firmwareqcn9072_firmwaresnapdragon_x65_5g_modem-rf_firmwareqcn6132_firmwareqcc2076immersive_home_326_firmwaresnapdragon_8_gen_2_mobile_firmwareqcn6422_firmwareipq9574_firmwaresc8380xpwcd9395_firmwareqca6698aq_firmwarefastconnect_6900_firmwaresxr2230pqca8085qcf8000fastconnect_6900ipq8078aipq8071a_firmwareqcn9024_firmwaresdx55ipq9008qcn6122_firmwaresd865_5gqcn6432qam8775pqcn9274_firmwareqcn6132qcn9024ssg2115p_firmwareqca8085_firmwareqca6698aqipq6028_firmwareimmersive_home_3210qca8081_firmwarear8035_firmwareqcn6224_firmwareqcn9274snapdragon_x65_5g_modem-rfqcf8000_firmwareipq5332_firmwareipq6018_firmwareqcn9074qcn5022sc8380xp_firmwarecsr8811_firmwaresnapdragon_865\+_5g_mobileqcn6112qca8386ipq9570qca6696_firmwareqcn9013_firmwareqfw7124_firmwareqca6574aipq8076qcn9013qca6554a_firmwaresnapdragon_xr2_5gqca6574_firmwarefastconnect_7800ssg2125p_firmwareqam8255pqcn6024qca6595snapdragon_x75_5g_modem-rfwcn6740snapdragon_870_5g_mobilewcd9390qca6797aq_firmwareqcn6122wsa8810qca6426qcn6432_firmwaresnapdragon_ar2_gen_1sdx65mqca6595au_firmwareqcn9012_firmwarewsa8830_firmwareqcc710ipq6010qcc2076_firmwareqcn5024qca8337_firmwareqca6554aqcn5154_firmwaresnapdragon_865\+_5g_mobile_firmwareqca8084_firmwareqcn5122_firmwarewsa8810_firmwareipq8076_firmwaresdx65m_firmwareqcn5052ipq9008_firmwareqca8082_firmwarewcd9395immersive_home_326wsa8830qca8084sa7255pqcn6112_firmwareqca6564auqam8775p_firmwareqca6426_firmwareqca8081qca8075_firmwareqca6436ipq8078qcc2073fastconnect_6800ipq5302qcn6274wsa8815_firmwareimmersive_home_318ipq5332qca6595aufastconnect_7800_firmwareqcn9072qfw7114snapdragon_8\+_gen_2_mobile_firmwareqcn5164_firmwareipq8174sm8550p_firmwaressg2125psxr1230psnapdragon_865_5g_mobileqcn5052_firmwareqam8650pwcn6740_firmwareqca6574a_firmwaresnapdragon_8_gen_2_mobileqca4024ipq8173_firmwareipq8173qcn5154wcd9390_firmwareqca6436_firmwaressg2115pqcs8550qca6797aqwcd9385wcd9380qcn6412_firmwareqcn9100_firmwareqcn6402_firmwarewsa8815wsa8845ipq5312qam8650p_firmwareipq8078a_firmwareipq9554qcn5122qcn5152_firmwareqca6391qcn9070_firmwareipq5028qca6696qca9888_firmwareqca8075wsa8835qam8255p_firmwareqcf8001qcn9000snapdragon_8_gen_3_mobilesnapdragon_8_gen_3_mobile_firmwareqca6574auwcd9380_firmwaresnapdragon_ar2_gen_1_firmwarewsa8845hqcn9100qcn9012wsa8840ipq8076a_firmwareqcn9022qca0000immersive_home_316_firmwareimmersive_home_216qca6584auqca8386_firmwareipq5312_firmwaresnapdragon_870_5g_mobile_firmwarewcd9340sxr2230p_firmwareqcn9074_firmwareqca4024_firmwareqcn9022_firmwaresxr1230p_firmwareqca6584au_firmwareqcn6224ipq8078_firmwaresa7255p_firmwareipq6000_firmwarewsa8845h_firmwareqcc2073_firmwareipq8071aqcn5022_firmwareqcn6023_firmwareqfw7114_firmwarear8035qcn6402ipq5028_firmwareqcn9070sg8275pimmersive_home_214_firmwareipq8076aipq5010sg8275p_firmwareqcn5024_firmwareipq5302_firmwareipq8174_firmwaresnapdragon_8_gen_1_mobileqca6564au_firmwareipq6018qcn5152qcn6023immersive_home_214sm8550pipq8072aqca9889_firmwareimmersive_home_3210_firmwaresnapdragon_8_gen_1_mobile_firmwareqcm8550_firmwareqcn6024_firmwarewsa8845_firmwareqfw7124snapdragon_865_5g_mobile_firmwarewsa8832_firmwaresdx55_firmwareipq8072a_firmwareipq5010_firmwareipq9554_firmwareipq6028qcc710_firmwarewcd9340_firmwareqca8082qca9888ipq8074a_firmwareimmersive_home_216_firmwarewsa8832csr8811qcn5164qca6391_firmwareqca6595_firmwareqcn5124fastconnect_6800_firmwareqca6574au_firmwareqca8337immersive_home_318_firmwaresd865_5g_firmwareipq9570_firmwaresd_8_gen1_5gimmersive_home_316qcs8550_firmwareqca0000_firmwareqca6574qcn5124_firmwaresd_8_gen1_5g_firmwaresnapdragon_8\+_gen_2_mobileipq9574qca9889snapdragon_xr2_5g_firmwareqcm8550wsa8835_firmwareipq8074awsa8840_firmwareqcn6274_firmwareqcn6412ipq6010_firmwareqcn9000_firmwareSnapdragonqcn6412_firmwareqca6574a_firmwarewsa8832_firmwareqcn5124_firmwareqcn9024_firmwareqcn9070_firmwarewsa8835_firmwareqcn6422_firmwarecsr8811_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareipq8076a_firmwareqcn9022_firmwareipq8076_firmwareipq8074a_firmwareqcn6224_firmwareqca8386_firmwareqcn5164_firmwareqcn5052_firmwareimmersive_home_3210_platform_firmwareqca6698aq_firmwareqca8081_firmwareqcn6402_firmwarewcd9385_firmwarefastconnect_7800_firmwarewsa8845h_firmwareqcm8550_firmwareipq8078_firmwaressg2125p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqca6436_firmwareipq8070a_firmwareqca6595_firmwareipq5302_firmwareqca0000_firmwareqcn5152_firmwareqam8650p_firmwareqcn6274_firmwaresa7255p_firmwareqcn6432_firmwareimmersive_home_316_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwareqcc2073_firmwareqca9889_firmwareipq8173_firmwareqcn9012_firmwareipq6018_firmwareqcn9100_firmwareipq9554_firmwarewcd9340_firmwarear8035_firmwareqca8084_firmwarefastconnect_6800_firmwareqcn5022_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8845_firmwareqcf8001_firmwareqcc710_firmwareqca8075_firmwareqca6574au_firmwareqcf8000_firmwareqcn9274_firmwareipq8071a_firmwareqcn9074_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwareqcn5122_firmwareqcs8550_firmwareipq5312_firmwaresdx65m_firmwareqca6564au_firmwareqca4024_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9000_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareimmersive_home_318_platform_firmwareqcn9013_firmwareqca8337_firmwareipq6000_firmwareqcn5154_firmwareqca6595au_firmwarewcd9390_firmwaresm8550p_firmwareqca6554a_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwareipq8078a_firmwarewcd9395_firmwaresxr1230p_firmwareqcn9072_firmwareqfw7124_firmwareqca6391_firmwareqcc2076_firmwareipq8174_firmwareipq6010_firmwarefastconnect_6900_firmwarewsa8840_firmwareqca9888_firmwarewcd9380_firmwareqca6584au_firmwareqam8775p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwareimmersive_home_216_platform_firmwareipq9008_firmwareqfw7114_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwareqca8085_firmwaresxr2230p_firmwaressg2115p_firmwareqca6574_firmwaresg8275p_firmwareqcn6112_firmwareqcn6023_firmwareipq5028_firmwareipq6028_firmwarewsa8815_firmwareipq8072a_firmwareipq9574_firmwareqca6797aq_firmwareipq5010_firmwaresd865_5g_firmwareqca6426_firmwaresc8380xp_firmwaresdx55_firmwareqca8082_firmwareipq5332_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwareqcn6132_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25736
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 37.96%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-09 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9340_firmwareqcs6125_firmwaresw5100pqcn6024qca6428wcd9385_firmwarewcn3988_firmwaremdm9615qca6431_firmwaremdm9215qcs610qam8295p_firmwareqcn9003qcs6125qca2064qca6428_firmwareqcn5024qcn5124qsm8250_firmwareipq8072a_firmwaresd778gipq5028sd460sd_8_gen1_5g_firmwarewcd9385wcn7850_firmwaresdx55m_firmwareipq5028_firmwaresd_8cx_gen3qca2066qrb5165n_firmwaresd845wcd9340qca2064_firmwareqsm8350qcn7606_firmwareqca8082ipq8074a_firmwaresd730_firmwaresd690_5gsd690_5g_firmwareqcn6122qca9980wcn7850sw5100p_firmwaresdx55msdx65_firmwarewcd9326wcn6851_firmwaresa415mmdm9628qcn9274sa8155qca6574_firmwaresd678_firmwareqca6595auipq4028_firmwaresm7250p_firmwaresd480_firmwareipq8071a_firmwareqcn6102qcn9011sa8150psd665qcn6112_firmwareqca8337_firmwareqca9994_firmwareipq6010wcn7851_firmwarewsa8835pmp8074wcn3990_firmwarear8035_firmwarecsra6640wcn6750ipq8071aqca6320_firmwaresa8195psdm630sa6150pqcn5122_firmwaresd768g_firmwareipq8076_firmwareqca6438_firmwaresm4125ipq8174_firmwaresd780g_firmwaresd865_5gipq8064qca6421_firmwareipq5018qca6574aqca6310_firmwareqcn9002_firmwaresd_675wcn3990sdxr2_5gwsa8810_firmwaresd670qca1062_firmwarewcd9335_firmwarewcn3998_firmwareqcs4290ipq6010_firmwarewsa8815qca2062qca6436_firmwaresd888_5gsa6155psa8155psdx55qca6335qca6564aqca6554a_firmwaresdx65ar9380wcn3991_firmwareqcn7605qca6564a_firmwareqcn9074wcd9360qca6391_firmwaresa4155pipq8072aqca2066_firmwareqca9889_firmwareqca6696_firmwarewcn6855sm6250qcn5154_firmwaresd710mdm8215_firmwareqcn6100_firmwaresd765wcn6750_firmwareqca6554acsrb31024_firmwaresd480ipq5010_firmwareipq8173_firmwaresa4150psd662_firmwaresd695sd850csra6640_firmwareipq8072_firmwareqcn5021_firmwareqca8386_firmwaresd845_firmwareipq6000qca1064qca2065qca6174asd660sxr2150pqca9888_firmwarecsr8811qca9984sdxr1_firmwareqcn6112sm8475qca4024_firmwareqca8081aqt1000_firmwarewcd9371_firmwareqcm2290_firmwareqcs605qca8085_firmwareqca9377qcn5164_firmwarewcn7851qcs4290_firmwareqcn6024_firmwaresa8155_firmwaremdm8215qca1062wcn6740qca8075qcn6122_firmwareipq8069qca6431sd730qcn5024_firmwaresa8145p_firmwareqca2062_firmwarewcn3910wcn3910_firmwareipq4029sd888wcd9380_firmwareipq5010qca4024ipq8070_firmwareqcn6023_firmwareqcn9022_firmwarewcn6740_firmwareqca8386qca9889wcd9370sa6155sd678qcn9070qca6574ausa6145pqcc5100_firmwarewsa8815_firmwareipq8078aqcn9000_firmwaresd680qcn5054wcn3950_firmwaresdxr2_5g_firmwaresd870ipq8174sw5100qcn5124_firmwareqca9377_firmwareqcn9070_firmwaresm7325pqca8081_firmwaremdm9310_firmwaresm4375qca6426_firmwaresa8150p_firmwaresd870_firmwareqcs405_firmwareipq8071wcn3950qcs2290_firmwaresa6155_firmwaremdm9607wcd9380qcm4290_firmwareipq4029_firmwareqca8082_firmwareqcs610_firmwareipq6018qcn9024_firmwareqcm4290wcd9326_firmwareqcm6125_firmwareqcn7606sm4125_firmwareqrb5165_firmwaresd662qcn9100sd675wcn3991qca6420_firmwaresd695_firmwaresd712qrb5165sm7325p_firmwareqca9888sa515m_firmwareqcn9022sd750gqcm6125qcn5022_firmwarewcd9341pmp8074_firmwareqcn5021qca9992qca6426qca6335_firmwareipq8078wsa8835_firmwareqcs2290qca6390sd750g_firmwareqca6696sd850_firmwarewcn3980wcd9360_firmwareqcx315_firmwarewcn6856_firmwareqca9898qcn9000qca9980_firmwareqsm8250ipq8070qcx315qca9990sc8180x\+sdx55_firmwareqcn9072sa6150p_firmwareqcs605_firmwaresd780gqcn5052_firmwarecsrb31024qca9994sd680_firmwareqcc5100qcn6100sa8295pqcn9001mdm9615_firmwaresdxr1sa4155p_firmwareqca6420qca6174a_firmwareqca8337qcn5122ipq8078a_firmwaresd_636ipq8076a_firmwaresd888_firmwarewcn3999sm7250pipq8070a_firmwareqcn5154ipq8074_firmwareipq8076asm6250pipq8076qca9992_firmwaresd_675_firmwareqca6430sd7c_firmwaresd675_firmwarewsa8810sd865_5g_firmwarecsr8811_firmwareqca2065_firmwarewcd9341_firmwarewcn6850ar8031qcn9011_firmwareipq4018sxr2150p_firmwaremdm9628_firmwareqrb5165m_firmwareipq5018_firmwareqca6574a_firmwarewcn3999_firmwaresd712_firmwareqca6595au_firmwareqcm2290sd460_firmwaresc8180x\+sdx55ipq8173sd720gqca9898_firmwaresa8295p_firmwaresd765g_firmwareqcn5152_firmwaresw5100_firmwareqca6390_firmwareqca6564au_firmwareqca6574qcn5054_firmwaresm7315_firmwarewcn3998wcd9335sd665_firmwareipq8069_firmwareqca6430_firmwareipq8071_firmwaresm6250_firmwareqca6438sa415m_firmwareqcs405qca6436sm6250p_firmwareaqt1000qca6421qcn7605_firmwareqca8072_firmwareqcn6023ipq6028qcm6490sa515msd7csd855_firmwaresdx50msd855wcn6856sdm630_firmwareqcs410_firmwareqcn9024qcn5164ipq4028qca8085qcn9003_firmwareqam8295pqcn6102_firmwareqcn9012qca6584wcn6855_firmwareipq6018_firmwareqcm6490_firmwareqrb5165nmdm9607_firmwaresm4375_firmwareqcn9012_firmwaresa4150p_firmwaresd720g_firmwaresd835_firmwaresd778g_firmwarewcd9371mdm9215_firmwareipq8074aqcs410qcn9001_firmwareqrb5165mipq8072qca6391qca6595csra6620sd_8cx_gen3_firmwaresd768gsd_8cx_gen2_firmwareqcn5052sd835sd710_firmwaresd670_firmwaresa6155p_firmwareqca6584auqca6584au_firmwareqca9984_firmwareqca8075_firmwareqcs6490_firmwaresa8195p_firmwareqca6574au_firmwarewcd9370_firmwareipq8074sa8155p_firmwareqcn5152sd888_5g_firmwareqca1064_firmwareqcn9002qca8084_firmwarewcd9375qca6310qcs603qcn9074_firmwarear8035wsa8830mdm9310qcn5022wcd9375_firmwarewcn3980_firmwaresd765_firmwaresd765gipq6028_firmwareqca6320qcs603_firmwareqca8072qca6595_firmwaresd_8cx_gen2wcn6850_firmwaresd660_firmwarewcn6851qsm8350_firmwareqcn9072_firmwareqca9990_firmwaresd_8cxipq8078_firmwaresm7315qca8084sd_455_firmwarear9380_firmwareqcs6490ar8031_firmwarewcn3988qca6564auwsa8830_firmwareqcn9100_firmwaresd_8cx_firmwaresdx55_firmwarecsra6620_firmwareipq9008_firmwareipq8070asd_455sd_636_firmwaresa8145pipq8064_firmwareqca6584_firmwareipq9008qcn6132_firmwareipq4018_firmwaresdx50m_firmwareqcn9274_firmwareqcn6132sa6145p_firmwareipq6000_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-20094
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-2.54% / 84.88%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 11:09
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.

Action-Not Available
Vendor-wibun/aSiemens AG
Product-sicam_230pss_capesicam_230_firmwarecodemeterWibu-Systems CodeMeter
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-35890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.62%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 08:24
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity.

Action-Not Available
Vendor-ordnung_projectn/a
Product-ordnungn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.97%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 00:00
Updated-15 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-13503
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.62%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 01:49
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.

Action-Not Available
Vendor-cesantan/a
Product-mongoosen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-0261
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.20%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4400srx345srx5800srx380srx4200srx340ex9200srx4100ex4300ex3400ex9250ex2300srx5400ex4650srx550srx300ex4600srx320srx5600junosex2300-csrx4600srx1500Junos OS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-9428
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.18% / 91.83%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 22:06
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxFedora ProjectopenSUSE
Product-wiresharkdebian_linuxfedoraleapn/a
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 10
  • 11
  • Next
Details not found