Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7537

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-05 Aug, 2024 | 23:53
Updated At-06 Aug, 2024 | 13:56
Rejected At-
Credits

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMS message lists. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23157.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:05 Aug, 2024 | 23:53
Updated At:06 Aug, 2024 | 13:56
Rejected At:
▼CVE Numbering Authority (CNA)
oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMS message lists. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23157.

Affected Products
Vendor
oFono
Product
oFono
Default Status
unknown
Versions
Affected
  • 1.34
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.03.3LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.0
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
x_research-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
Resource:
x_research-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:06 Aug, 2024 | 00:15
Updated At:29 Aug, 2024 | 18:01

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMS message lists. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23157.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.03.3LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
ofono_project
ofono_project
>>ofono>>1.34
cpe:2.3:a:ofono_project:ofono:1.34:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-125Secondaryzdi-disclosures@trendmicro.com
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: zdi-disclosures@trendmicro.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zerodayinitiative.com/advisories/ZDI-24-1077/zdi-disclosures@trendmicro.com
Third Party Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

377Records found
CVE-2024-47034
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 17.36%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 10:34
Updated-28 Oct, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23909
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-2.8||LOW
EPSS-0.11% / 28.90%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trace_analyzer_and_collectoroneapi_hpc_toolkitIntel(R) Trace Analyzer and Collector software
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8691
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.75%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-45070
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.00%
||
7 Day CHG+0.08%
Published-07 Jan, 2025 | 07:56
Updated-16 Oct, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds read vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-44134
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.37%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-04 Nov, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-43082
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.54%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:25
Updated-17 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-43063
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 22.18%
||
7 Day CHG+0.04%
Published-06 Jan, 2025 | 10:33
Updated-10 Jan, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Automotive Autonomy

information disclosure while invoking the mailbox read API.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000p_firmwareqam8775psa8775p_firmwareqam8650pqca6595_firmwaresa8770p_firmwareqca6698aqsa8650p_firmwaresa8770psa8255p_firmwareqam8255psa8295pqamsrv1hsa8775pqam8775p_firmwareqca6595sa8540pqam8295pqca6698aq_firmwaresa8295p_firmwaresa9000pqam8650p_firmwaresrv1h_firmwaresa8540p_firmwareqca6595au_firmwaresa8255pqamsrv1h_firmwareqam8295p_firmwareqca6595auqca6696srv1hqca6696_firmwareqam8255p_firmwaresa8650pSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-43508
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.30%
||
7 Day CHG-0.03%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Information Disclosure Vulnerability

Windows Graphics Component Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_22h2windows_server_2022_23h2windows_11_23h2Windows 11 Version 24H2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8510
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.96%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-22338
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-13 Feb, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationFedora Project
Product-fedoraonevpl_gpu_runtimeIntel(R) oneVPL GPU software
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-40656
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.34%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 00:09
Updated-17 Dec, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-39806
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.39%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds Read vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-39612
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Background Task Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-38382
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.48%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:24
Updated-04 Sep, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-38155
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.24%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Security Center Broker Information Disclosure Vulnerability

Security Center Broker Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_24h2windows_11_21h2windows_10_22h2windows_11_22h2windows_11_23h2Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1809Windows 10 Version 21H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38414
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 9.15%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Computer Vision

Information disclosure while processing information on firmware image during core initialization.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwaresa8150psa6150p_firmwarefastconnect_6900sw5100_firmwarewcn3988_firmwareqca6696sa8195p_firmwaresa8155p_firmwareqca6696_firmwareqam8295p_firmwaresa8530p_firmwaresnapdragon_8_gen_1_mobile_firmwaresa8145p_firmwarewcd9385_firmwaresa6150pwcd9380_firmwareqca6574au_firmwaresnapdragon_888\+_5g_mobilesa8195pqca6174a_firmwaresa6145p_firmwaresa8295psa6145psnapdragon_888_5g_mobile_firmwaresnapdragon_w5\+_gen_1_wearable_firmwarewcn3980snapdragon_w5\+_gen_1_wearablesw5100snapdragon_888_5g_mobilesa8540p_firmwaresa6155psw5100p_firmwaresa8295p_firmwarewcd9380wsa8830sa8150p_firmwarewsa8835sa8145psa8155psa9000psw5100psa8530pwsa8830_firmwarefastconnect_7800wcn3980_firmwaresa6155p_firmwaresnapdragon_8_gen_1_mobileqam8295pfastconnect_6900_firmwaresa8540pqca6174awcn3988sa9000p_firmwaresnapdragon_888\+_5g_mobile_firmwarewcd9385qca6574auwsa8835_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38417
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 9.15%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Automotive Multimedia

Information disclosure while processing IO control commands.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwareqfw7124sdm429war8035_firmwareqca6696sa8195p_firmwareqcn6224_firmwareqcs610qam8295p_firmwaresa8155p_firmwarec-v2x_9150_firmwareqca8337sa8145p_firmwareqcn9074_firmwarewcn3620_firmwareqca8337_firmwarevideo_collaboration_vc1_platform_firmwareqca9367_firmwarewcn3680bwcd9380_firmwareqca6574au_firmwaresa8195pqcn6274_firmwareqca6584auwcn3950_firmwarewcn3660bsdm429w_firmwarec-v2x_9150wcn3980wcn3950video_collaboration_vc3_platform_firmwaresw5100wcd9370wcd9340_firmwareqcc710_firmwaresa8540p_firmwaresw5100p_firmwaresa8295p_firmwarear8035sa8150p_firmwaresnapdragon_429_mobile_firmwarewsa8835qca9377sa9000pqca8081_firmwareqcn9074fastconnect_7800snapdragon_x75_5g_modem-rfsa6155p_firmwarewcd9341_firmwaresnapdragon_8_gen_1_mobilewcd9340qam8295pwcd9341wcn3988qca6698aq_firmwareqca6574auqfw7114_firmwaresa8150psa6150p_firmwarefastconnect_6900wcn3988_firmwaresw5100_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6584au_firmwaresnapdragon_429_mobileqcs410_firmwaresa8530p_firmwareqca6696_firmwaresnapdragon_8_gen_1_mobile_firmwaresnapdragon_x72_5g_modem-rf_firmwarewsa8810_firmwaresa6150pwcn3680b_firmwarewsa8810qcn6274qcc710sa8295psa6145p_firmwareqcs610_firmwaresa6145pqca9367wsa8815snapdragon_x72_5g_modem-rfqcs410qca9377_firmwaresa6155psnapdragon_x75_5g_modem-rf_firmwarewcd9380video_collaboration_vc3_platformwsa8830wsa8815_firmwaresa8155psa8145psw5100psa8530pwsa8830_firmwarewcn3620wcn3980_firmwareqca8081qca6698aqvideo_collaboration_vc1_platformfastconnect_6900_firmwaresa8540pqcn6224sa9000p_firmwareqfw7114qfw7124_firmwarewcn3660b_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwarewsa8835_firmwarewcd9370_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38056
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.81%
||
7 Day CHG+0.02%
Published-09 Jul, 2024 | 17:02
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Codecs Library Information Disclosure Vulnerability

Microsoft Windows Codecs Library Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 21H2Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows 10 Version 21H2Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38416
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 9.15%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Audio

Information disclosure during audio playback.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwareqcn6224_firmwareqam8295p_firmwarec-v2x_9150_firmwareqcn9074_firmwareqcs8550_firmwareqca9367_firmwarewcn3680bqca6574au_firmwareqsm8250_firmwaresa8195pqcn6274_firmwareqca6391qca6584auwcn3950_firmwarewcn3660bqca6564amsm8996auwcn3950video_collaboration_vc3_platform_firmwaresxr2230pqcc710_firmwaresa8540p_firmwaresnapdragon_x55_5g_modem-rfsnapdragon_865\+_5g_mobilear8035sa8150p_firmwareqca6564a_firmwaresxr2230p_firmwaresxr2130snapdragon_xr2_5g_platformsa6155p_firmwarewcd9341qca6698aq_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_865_5g_mobilefastconnect_6900qca6574afastconnect_6800qcs410_firmwaresa8530p_firmwarewcd9385_firmwaresa6150pwcn3680b_firmwarewsa8810snapdragon_820_automotivesa8295psa6145p_firmwaresa6145psnapdragon_870_5g_mobile_firmwareqcs410sdx55sa6155psnapdragon_865\+_5g_mobile_firmwaresnapdragon_x75_5g_modem-rf_firmwarewcd9380video_collaboration_vc3_platformqca6436_firmwaresa8155pwsa8832_firmwarewsa8830_firmwareqca6564ausxr2130_firmwaresnapdragon_xr2_5g_platform_firmwareqca8081qcn6224wcd9385qfw7124_firmwarewcn3660b_firmwaresxr2250p_firmwareqca6426qfw7124ar8035_firmwareqca6696sa8195p_firmwaresd865_5g_firmwareqcs610sa8155p_firmwaresd865_5gqca8337sa8145p_firmwareqca8337_firmwarevideo_collaboration_vc1_platform_firmwarewcd9380_firmwareqca6391_firmwarec-v2x_9150wcn3980wcd9370wcd9340_firmwaresa8295p_firmwarewsa8835qca9377sa9000pqsm8250qca6426_firmwareqca8081_firmwareqcn9074fastconnect_7800snapdragon_x75_5g_modem-rfwcd9341_firmwareqca6564au_firmwaresnapdragon_870_5g_mobilesnapdragon_865_5g_mobile_firmwarewcd9340qam8295pqca6574auqcs8550sa8150psa6150p_firmwaresxr2250psnapdragon_auto_5g_modem-rf_gen_2qca6584au_firmwareqca6696_firmwaresnapdragon_x72_5g_modem-rf_firmwarewsa8810_firmwarewsa8832qcn6274qcc710qcs610_firmwareqca9367wsa8815snapdragon_x72_5g_modem-rfsnapdragon_auto_5g_modem-rf_gen_2_firmwaremsm8996au_firmwareqca9377_firmwareqca6574a_firmwaresdx55_firmwarewsa8830wsa8815_firmwaresa8145psa8530pwcn3980_firmwareqca6698aqvideo_collaboration_vc1_platformqca6436fastconnect_6900_firmwaresa8540psa9000p_firmwareqfw7114fastconnect_6800_firmwareqfw7114_firmwaresnapdragon_820_automotive_firmwarewsa8835_firmwarewcd9370_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38151
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 48.93%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8692
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.75%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8520
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.75%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8519
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.46%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34628
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.09%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34631
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.09%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23441
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-6||MEDIUM
EPSS-0.04% / 12.86%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 03:11
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-magic_uiMagic UI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34630
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.09%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34624
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.09%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34627
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.28%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34625
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.09%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34626
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.09%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34629
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.09%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34621
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.97%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-33067
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 22.18%
||
7 Day CHG+0.04%
Published-06 Jan, 2025 | 10:33
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Audio

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsnapdragon_auto_4g_modem_firmwareqcs610_firmwarewcd9335sxr2130_firmwarewcd9370qca8081_firmwarear8035_firmwareqca6696wcd9340_firmwaresa8530pwcd9341_firmwareqca6320qcc710_firmwareqca6426qca6564auqcn9074wsa8815_firmwaresa8195p_firmwareqca8337_firmwareqca8337qca6426_firmwaresnapdragon_auto_4g_modemqca9377_firmwareqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pwcd9341qca6574ausnapdragon_820_automotivewcn3950wsa8810_firmwaresnapdragon_870_5g_mobile_firmwaresa9000p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwarewcn3660b_firmwaresnapdragon_820_automotive_firmwarefastconnect_6800_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilesd835_firmwarecsrb31024_firmwarevideo_collaboration_vc1_platform_firmwarec-v2x_9150qca6584auqca6320_firmwareqcn6274_firmwareqcc710snapdragon_xr2_5g_firmwaresa8540pqca6310_firmwareqsm8250_firmwarefastconnect_6800qfw7114_firmwarefastconnect_7800_firmwarefastconnect_6900video_collaboration_vc1_platformsnapdragon_865_5g_mobile_firmwareqfw7114fastconnect_6900_firmwareqca6310wcd9380sa6145p_firmwaresnapdragon_xr2_5gsa8150pmsm8996au_firmwaresa6155pqca6564au_firmwaresnapdragon_429_mobile_firmwarewsa8810qsm8250sa9000pvideo_collaboration_vc3_platformqca6595auc-v2x_9150_firmwaresa6155p_firmwareqam8295p_firmwaresd835wcn3990_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6564a_firmwareqca6436_firmwareqca6698aq_firmwareqca9367_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_865\+_5g_mobilewcd9370_firmwarecsrb31024sdx55_firmwareqca9367wcn3660bqca6574asnapdragon_x72_5g_modem-rf_firmwaresxr2130wcn3620_firmwaresa8195pwcd9340snapdragon_auto_5g_modem-rf_gen_2snapdragon_835_mobile_pc_firmwaresa8540p_firmwaresdm429wqca6584au_firmwarewcd9335_firmwareqcn6274qca6436qfw7124wcn3980_firmwareqca6595au_firmwareqca6391_firmwareqca6696_firmwarewcd9380_firmwaresa6150pqcs410sa8155p_firmwareqca8081qca6564awsa8815sa8155pqca9377sa6145psnapdragon_x75_5g_modem-rfqcn9074_firmwarear8035qca6574a_firmwaresdx55msm8996ausnapdragon_865_5g_mobilewcn3620snapdragon_835_mobile_pcqca6391qcn6224snapdragon_865\+_5g_mobile_firmwaresnapdragon_429_mobileqca6698aqwcn3950_firmwaresa8530p_firmwaresa8295pfastconnect_7800sa8145p_firmwarewcn3680bsd865_5g_firmwaresa8150p_firmwarevideo_collaboration_vc3_platform_firmwaresa8145pwcn3990snapdragon_x75_5g_modem-rf_firmwarewcn3980wcn3680b_firmwareqcn6224_firmwareqcs610Snapdragon
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2024-33061
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.07% / 22.18%
||
7 Day CHG+0.04%
Published-06 Jan, 2025 | 10:33
Updated-10 Jan, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in DSP Service

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3980sw5100sw5100p_firmwarewcn3660bwsa8830wsa8830_firmwaresw5100_firmwarewcn3680bwcn3988_firmwareqcs8550_firmwarewcn3988wcn3660b_firmwarewsa8835_firmwareqcs8550wsa8835wcn3980_firmwarewcn3680b_firmwaresw5100pSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21352
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.09%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-32893
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-8.1||HIGH
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidpixel
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2024-32914
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-06 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21211
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.33%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235998

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-6207
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 70.61%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21308
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21155
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.51%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264540700References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21507
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-samsung_blockchain_keystoreSamsung Blockchain Keystore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 14.64%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 00:00
Updated-14 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_ind(), there is no input validation check on a length coming from userspace, which can lead to integer overflow and a potential heap over-read.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_w920_firmwareexynos_850_firmwareexynos_1480_firmwareexynos_980exynos_1380_firmwareexynos_1280exynos_1080exynos_1380exynos_1330exynos_w930exynos_1330_firmwareexynos_w920exynos_1480exynos_w930_firmwareexynos_1280_firmwareexynos_980_firmwareexynos_1080_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-29739
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.44%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-21 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Androidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-29742
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.44%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-06 Nov, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9410
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.15%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 21:04
Updated-22 Nov, 2024 | 22:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21271
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.44%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 21:00
Updated-09 Oct, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-29750
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.44%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:02
Updated-21 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In km_exp_did_inner of kmv.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Androidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30016
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 48.43%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Windows Cryptographic Services Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found