Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-30347

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Mar, 2025 | 00:00
Updated At-21 Mar, 2025 | 15:52
Rejected At-
Credits

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Mar, 2025 | 00:00
Updated At:21 Mar, 2025 | 15:52
Rejected At:
▼CVE Numbering Authority (CNA)

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

Affected Products
Vendor
varnish-software
Product
Varnish Enterprise
Default Status
unaffected
Versions
Affected
  • From 6 before 6.0.13r13 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.14.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.varnish-software.com/security/VEV00001/
N/A
Hyperlink: https://docs.varnish-software.com/security/VEV00001/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Mar, 2025 | 07:15
Updated At:24 Mar, 2025 | 14:19

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r10:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r11:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r12:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r2:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r3:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r4:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r5:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r6:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r7:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r8:*:*:*:*:*:*
varnish-software
varnish-software
>>varnish_enterprise>>6.0.13
cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r9:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondarycve@mitre.org
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: cve@mitre.org
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.varnish-software.com/security/VEV00001/cve@mitre.org
Mitigation
Vendor Advisory
Hyperlink: https://docs.varnish-software.com/security/VEV00001/
Source: cve@mitre.org
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

313Records found
CVE-2019-20637
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.03%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 23:01
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

Action-Not Available
Vendor-varnish-cachevarnish-softwaren/aopenSUSE
Product-varnish_cachebackports_sleleapn/a
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2019-2310
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.59%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845sdm450_firmwaremdm9650msm8940_firmwaremsm8996auapq8009_firmwaremsm8917sdm670qcs605_firmwaremdm9206qca9379_firmwareqca6174asdm670_firmwaresdm636sda845_firmwareqca9377apq8098qcn7605mdm9206_firmwareqcs605mdm9640msm8937_firmwaremdm9650_firmwareqca6574au_firmwaresda660apq8009msm8909_firmwareapq8053_firmwaresda845msm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaremsm8937mdm9207c_firmwaremdm9207cqca6174a_firmwaresm8150_firmwaremsm8909apq8096ausdm630_firmwaresda660_firmwaremsm8940apq8053apq8096au_firmwaremsm8953_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwareapq8017qca9379sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-20679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.31% / 93.27%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 16:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

Action-Not Available
Vendor-busyboxn/aCanonical Ltd.
Product-busyboxubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.60%
||
7 Day CHG~0.00%
Published-08 Sep, 2019 | 02:40
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.

Action-Not Available
Vendor-symonicsn/aCanonical Ltd.
Product-libmysofaubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-34742
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.97%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:53
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-0034
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-2.42% / 84.49%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:56
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-androiddebian_linuxAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33235
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.09% / 26.74%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwareqcn9072_firmwaremsm8996auwcn3615_firmwareqca6595au_firmwaresd730qca1062qca6310qcn9000apq8009qcn7606_firmwareipq8074ipq6028qca6696qca6421qcn9070wcn7850qcn5122qsm8250_firmwareqca6564ausdx24wcn3660bqca6426_firmwaresd720gipq8078asa6150psd460sd710_firmwaremsm8996au_firmwareqca9889_firmwaresdx24_firmwareqcn5124wsa8830ipq8072wsa8815qcn9003ipq9008qca6430sd855ipq9008_firmwareqcs6490_firmwaresd_8cx_gen3_firmwarewcd9340sdx55_firmwaresd_8cx_firmwaresxr2150p_firmwaresdxr2_5g_firmwaresd_8cx_gen2_firmwareqca8386_firmwaresc8180x\+sdx55_firmwareqcn5022_firmwaresd712qca8386qca8072sd765g_firmwareqca6574aqca8084_firmwaresd865_5g_firmwareqcm6125_firmwarewcn6750sa8295p_firmwaresm7325pqcn5024sd695_firmwareqcc5100qca9994qca6335sd_675qcs405qcn5024_firmwareqca6595qca6431_firmwarecsra6640sd480_firmwareqca6430_firmwareqca8081sm7315_firmwaresm7325p_firmwareqca6584ausd870ipq6018qca9367ipq5018_firmwareipq9574qca6390_firmwareqcn9024_firmwaresc8180x\+sdx55ipq4028_firmwareqcn9011_firmwaresa6155_firmwarewcn6855qcx315_firmwareipq8072aipq8070awcn3910ipq8070a_firmwaresd870_firmwareqcm6490_firmwaresm6250ipq8078_firmwareqca6431qca6595auwcd9370sd888_firmwareqcs4290_firmwarewcn3980qcn5152qca2066sm4125_firmwareqca9992sm7315qcn9022sd765_firmwaresd720g_firmwaresd765gsd670qca9888_firmwaresdx55mqam8295pwcn6850_firmwareqcn9002_firmwareqcn9274sm6250pwsa8810_firmwarewsa8815_firmwarewcn3991_firmwaresa8150psd850_firmwarewcn6740ipq8078qca6436ipq8076aipq8069ipq8071aqca4024qcn7605_firmwaresa8155psdxr1wsa8810qca2062_firmwareqca2066_firmwaresw5100p_firmwareaqt1000_firmwareqcn9012wsa8835_firmwareipq8076wcd9335_firmwaresm7250p_firmwareqcn5154_firmwareapq8009_firmwareqca6391qcn9024qcn5052_firmwarecsra6620wcn3998_firmwarear9380_firmwarewcn6851sd778g_firmwarewcd9370_firmwaresd675qca6420_firmwareipq8074aqcn6023_firmwareqcx315qcc5100_firmwareqca6554a_firmwareqca8082_firmwareipq4028qcm6125ipq8174ipq8071ipq8064_firmwareqcn6122qca4020_firmwaresd660csrb31024_firmwaresa4150p_firmwaresdx20ipq8070qcs610qca6391_firmwarewcd9326_firmwareqcn9012_firmwaresm7250psa8155p_firmwarecsra6620_firmwarewcn3610sdx20_firmwaresa6145pwcn3910_firmwareqrb5165_firmwareqca8085_firmwarewcd9375sd750g_firmwareqca6696_firmwareipq8076_firmwareqca2064sxr2150psd865_5gqca2062ipq8071_firmwareqca9377sm6250p_firmwareqca9980_firmwareqcn9003_firmwarewcn3990_firmwarewcn3950_firmwarewcn3988sd778gwcd9371_firmwarewcn3615qca8085ipq8071a_firmwaresd750gqca9980sd768g_firmwareqcs605sd712_firmwarewcn7851qcn9002qca6310_firmwaresd710mdm9640_firmwareqca6436_firmwaresa8195p_firmwareqca4020qca9367_firmwareipq8074a_firmwareqcn5021_firmwarewcd9341_firmwareipq6000_firmwareqcn6102ipq4018wcd9340_firmwaresd850qca8082sd_675_firmwareqca6174a_firmwareqca6564a_firmwareqcn5021sd855_firmwaresd662_firmwareqcn5054_firmwareqca9889sdx50mwcd9371qcs405_firmwareqcn6024_firmwareqcs6490ipq5018sdx55sd460_firmwarewcn3610_firmwaresa6155qca9990qcm4290_firmwareqca1064wcn3660b_firmwaresm4375sd820sd665_firmwaresdx20m_firmwarewcd9360_firmwareqrb5165m_firmwaresa6145p_firmwareqsm8350_firmwareipq5028_firmwaresd768gwcn6740_firmwarewcn6856sm4125qca6390sdx50m_firmwareipq5010_firmwaresa6155pipq8074_firmwaresa8150p_firmwaresd480wcd9330wcn7851_firmwaresa8145p_firmwaresw5100qca4024_firmwarewcn6850csr8811sa8145psa415mwcn3950qcs603_firmwareipq6018_firmwareqca6584au_firmwareqcn9100_firmwareqcn5122_firmwareqcn7605qcm6490qcn6024qca6174awcd9335wcn3999ipq8078a_firmwaresd7c_firmwaresd670_firmwareqca6595_firmwareqrb5165nipq6010qca6421_firmwareqca6438_firmwareqrb5165qca6574au_firmwaresd662qrb5165n_firmwareqca2065_firmwareipq4029_firmwareqam8295p_firmwaresa8295pqcs610_firmwareqcn9074qcm2290_firmwareqcn9274_firmwareqcn5054wcd9380ar8031qca6438qcm4290qcn6102_firmwareqcn5052sd660_firmwaresd730_firmwareqca2064_firmwaresd695ipq8064sd_8cx_gen3ipq8069_firmwarewcd9375_firmwaresa6150p_firmwaresd888ar8035_firmwareipq8070_firmwarewcn6856_firmwareqcn6132_firmwareaqt1000qcn5152_firmwareqcs603qcn6100_firmwarear8035qcn6112wcn6855_firmwareqca8072_firmwareqsm8250qca6420wcd9360sd780g_firmwareqca9898_firmwaresdx65_firmwareqcm2290qcn9011qcn5124_firmwaresa515msd845_firmwareqca6428_firmwaresdxr1_firmwaresa515m_firmwareqcn5164_firmwareqca9994_firmwarewcn3990ipq6028_firmwareqcn6023sd690_5gqca8081_firmwareqca9984qca1062_firmwarewsa8835wcn3998ar8031_firmwarecsr8811_firmwareqca8337_firmwareqca9898qca8075_firmwareqcn5164qcs2290qrb5165mqcn6122_firmwaresd820_firmwareqca9990_firmwareqca1064_firmwaresd7cipq8072a_firmwaresd678wcd9385qca6574auwcn7850_firmwareqcn6112_firmwaresdx65wcd9385_firmwareipq4029mdm9640ipq9574_firmwareapq8096auwcn6750_firmwareqcs410_firmwareqcn9000_firmwareipq8173_firmwaresd680qcn9001_firmwaresd888_5gqcn9070_firmwarepmp8074qca8075pmp8074_firmwaresd678_firmwareqca9379wcn3999_firmwareqcs6125sm4375_firmwareipq6010_firmwareqca9984_firmwareqca6574qsm8350wcn3991sd_8cxcsra6640_firmwareqca6574_firmwaresa415m_firmwareipq8076a_firmwarear9380qca6564asdx20msa8195psd675_firmwareqca6574a_firmwareqca9888sd665sa8155_firmwarewsa8830_firmwaresd888_5g_firmwareipq8174_firmwareqca8337sd_8_gen1_5g_firmwaresm6250_firmwareqcn6100sdxr2_5gqcn6132wcd9341wcn3980_firmwareqcs2290_firmwarewcn6851_firmwareipq4018_firmwarewcd9326sd680_firmwareqca8084qca9379_firmwaresa6155p_firmwareqcn9074_firmwareqca9992_firmwaresa4150pqcn5154qca2065qca9377_firmwareapq8096au_firmwaresw5100_firmwareipq8173qcn9001qcn9072sd780gqca6564au_firmwarecsrb31024qca6426qca6335_firmwaresdx55m_firmwareqcs6125_firmwareqcn9100sd690_5g_firmwareqcn5022sm8475ipq8072_firmwaresa8155ipq6000sd765qcs605_firmwarewcd9330_firmwareipq5010wcn3988_firmwareqcn9022_firmwareqcs4290qca6554aipq5028qcn7606sw5100psd_8cx_gen2sd845qcs410qca6428Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-32894
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.29%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33884
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.5||HIGH
EPSS-0.99% / 75.91%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:24
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_meputodesk® AutoCAD®, Advance Steel and Civil 3D®
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1970
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.17%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:31
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sd678sa6150p_firmwaresm6250p_firmwaresa8145p_firmwareqcs610qcs2290_firmwareqca8337csrb31024sd_636csra6620qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresa6155qca6335sd690_5gsd730_firmwarewcd9370csra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqca6564qcs6125_firmwareqca6426qca6584au_firmwarewcn3990_firmwaresa415mwcn3998sd_8cx_firmwarewcd9371_firmwaresdxr2_5g_firmwarewcd9385_firmwaresm4125sd720gwcd9326_firmwarewcn3615_firmwarewcn3950sd662sd710_firmwaresd460_firmwaresa8155qca6320_firmwaresm7315_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3615sm7250p_firmwarewcn3998_firmwarewcn3999_firmwareqca6420apq8053_firmwareqca6436_firmwareqca6564au_firmwareqca6584ausa6155p_firmwareqca6310sd778gwcn3999sa515m_firmwaresdxr2_5gqcs6125sa8155_firmwaresd662_firmwaresdm630sa415m_firmwareqcs405qca6430wcn3988_firmwaresa6145p_firmwaresm6250sd778g_firmwarewcd9340sa8195pwsa8810_firmwaresd765gsd765_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qcs4290_firmwarewcd9385wcd9341qca6696_firmwarewcd9371sd750gsd870_firmwarear8035qca6390sd_8cxaqt1000sa8150psd750g_firmwaresm6250_firmwarewcd9375msm8953_firmwarewcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwaresd660_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqca6564awcn6750_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675sd780gsd865_5gqca6595qca6564ausdx55m_firmwarewcn6856_firmwaresd888sd670_firmwareqca6574wsa8835sd665_firmwarewcd9380sd888_5gsm6250pqca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwaresm7325pqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980wcn6750qca6335_firmwaresa515mqca6574_firmwarewcd9340_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665wcn3910qca6320wcn6850wsa8815qca6175asd_8c_firmwareqca6426_firmwaresd765qca6574a_firmwaresd768g_firmwaresd835wcn3980_firmwaresm7315sd460qca6391sd730sdx55msdxr1_firmwareaqt1000_firmwarewcn6740_firmwaremsm8953sd678_firmwarear8031_firmwarecsrb31024_firmwareqcm4290sdx50msd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwaresd710sd_636_firmwaresd670qca6564a_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870wcn6855wsa8810qcs610_firmwarewcn6856sd_8csa6145pwcn3680bsd835_firmwareqca6564_firmwaresdxr1sd768gar8031qca6595_firmwareqcs405_firmwaresa8145pwcn6740qca6696sdm630_firmwareqca6391_firmwaresd845_firmwaresd780g_firmwarewcd9370_firmwaresa6150psd888_firmwaresdx55apq8053sa8155pcsra6640sd675sd845sm7250psd720g_firmwareqca6175a_firmwarear8035_firmwareqcm2290Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33258
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure due to buffer over-read in modem while reading configuration parameters.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon9205_lte_modem_firmware9206_lte_modem_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwarewcd9306_firmwaresnapdragon_x5_lte_modem_firmwaremdm8207_firmwarewcd9330_firmwareqca4004_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33295
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33291
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_1100_wearable_platformwsa8830wcd9380_firmwaressg2125psxr2230p_firmware9207_lte_modemwcd9330wcn785x-59205_lte_modemcsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380snapdragon_wear_1300_platformcsra6620_firmwarehome_hub_100_platformssg2125p_firmwaressg2115pcsra6640_firmwarewcn685x-5_firmwaresxr1230pwcn685x-1qcs400_firmwarewcd9335_firmwarewcn3980wcn3998wcd9385_firmwaresnapdragon_1200_wearable_platform_firmwarewsa8815sxr2230pwcn3999_firmwarewcn3998_firmwarewcn785x-5_firmwarewcn3980_firmwarewcd9330_firmware9205_lte_modem_firmwarewcd9306mdm8207wcn3999snapdragon_x5_lte_modem_firmwarear8031_firmwarewsa8832_firmware9206_lte_modemwcn685x-5qca4004_firmware9206_lte_modem_firmwarewcn785x-1_firmwareqts110wcd9306_firmwarewsa8810_firmwarewsa8810home_hub_100_platform_firmwarewsa8832snapdragon_ar2_gen_1_platform_firmwarewcd9335qca4010snapdragon_ar2_gen_1_platformwcn685x-1_firmwaresnapdragon_wear_1300_platform_firmwarewcd93859207_lte_modem_firmwarear8031mdm8207_firmwareqca4024snapdragon_1100_wearable_platform_firmwareqca4004wsa8830_firmwarecsra6640wsa8815_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_1200_wearable_platformqcs400qca4010_firmwarewcn785x-1snapdragon_x5_lte_modemqts110_firmwareSnapdragon9205_lte_modem_firmwarewcd9380_firmwaresxr2230p_firmwaresmart_audio_400_platform_firmwarear8031_firmwaresnapdragon_x5_lte_modem_firmwarewsa8832_firmwarefastconnect_6900_firmwareqca4004_firmware9206_lte_modem_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwarefastconnect_7800_firmwarehome_hub_100_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwarecsra6620_firmwaressg2125p_firmwarecsra6640_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwarewcd9335_firmwaremdm8207_firmwarewcd9385_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarefastconnect_6200_firmwaressg2115p_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqca4010_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33229
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9306mdm8207wcd9330wcn3999ar8031_firmwareqca4004_firmwaremdm9607_firmwarecsra6620qcs405qca4024_firmwareqts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810qca4020_firmwarewcd9335qca4010csra6620_firmwaremdm9206csra6640_firmwarear8031qcs405_firmwarewcd9335_firmwarewcn3980mdm8207_firmwaremdm9205_firmwaremdm9205mdm9206_firmwareqca4024wsa8815mdm9207_firmwareqca4004csra6640qca4020wsa8815_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqca4010_firmwaremdm9207qts110_firmwareSnapdragoncsra6640_firmwareqcs405_firmwarewcd9335_firmwarear8031_firmwaremdm8207_firmwaremdm9205_firmwareqca4004_firmwaremdm9607_firmwaremdm9206_firmwaremdm9207_firmwareqca4024_firmwarewcd9306_firmwarewsa8815_firmwarewsa8810_firmwarewcn3999_firmwareqca4020_firmwarewcn3980_firmwarewcd9330_firmwarecsra6620_firmwareqca4010_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33287
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Modem

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_1100_wearable_platformwsa8830wcd9380_firmwaressg2125psxr2230p_firmware9207_lte_modemwcd9330wcn785x-59205_lte_modemcsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380snapdragon_wear_1300_platformcsra6620_firmwarehome_hub_100_platformssg2125p_firmwaressg2115pcsra6640_firmwarewcn685x-5_firmwaresxr1230pwcn685x-1qcs400_firmwarewcd9335_firmwarewcn3980wcn3998wcd9385_firmwaresnapdragon_1200_wearable_platform_firmwarewsa8815sxr2230pwcn3999_firmwarewcn3998_firmwarewcn785x-5_firmwarewcn3980_firmwarewcd9330_firmware9205_lte_modem_firmwarewcd9306mdm8207wcn3999snapdragon_x5_lte_modem_firmwarear8031_firmwarewsa8832_firmware9206_lte_modemwcn685x-5qca4004_firmware9206_lte_modem_firmwarewcn785x-1_firmwareqts110wcd9306_firmwarewsa8810_firmwarewsa8810home_hub_100_platform_firmwarewsa8832snapdragon_ar2_gen_1_platform_firmwarewcd9335qca4010snapdragon_ar2_gen_1_platformwcn685x-1_firmwaresnapdragon_wear_1300_platform_firmwarewcd93859207_lte_modem_firmwarear8031mdm8207_firmwareqca4024snapdragon_1100_wearable_platform_firmwareqca4004wsa8830_firmwarecsra6640wsa8815_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_1200_wearable_platformqcs400qca4010_firmwarewcn785x-1snapdragon_x5_lte_modemqts110_firmwareSnapdragon9205_lte_modem_firmwarewcd9380_firmwaresxr2230p_firmwaresmart_audio_400_platform_firmwarear8031_firmwaresnapdragon_x5_lte_modem_firmwarewsa8832_firmwarefastconnect_6900_firmwareqca4004_firmware9206_lte_modem_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwarefastconnect_7800_firmwarehome_hub_100_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwarecsra6620_firmwaressg2125p_firmwarecsra6640_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwarewcd9335_firmwaremdm8207_firmwarewcd9385_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarefastconnect_6200_firmwaressg2115p_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqca4010_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-0925
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.48%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191444150

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-0522
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-2.16% / 83.60%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 16:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9601
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:23
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9705
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.86% / 85.73%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 13:20
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9628
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG+0.62%
Published-26 Jun, 2020 | 20:04
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-dng_software_development_kitmacoswindowsAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-0431
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-1.56% / 80.75%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:22
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9717
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.86% / 85.73%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:08
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9716
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.45%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:07
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2966
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.3||LOW
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 19:51
Updated-16 Apr, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DOPSoft Out-of-bounds Read

Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dopsoftDOPSoft
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9723
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.78% / 81.94%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:15
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9599
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9720
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.45%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:12
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9719
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.45%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:11
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.28%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 00:00
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Action-Not Available
Vendor-n/aApple Inc.Debian GNU/LinuxRuby
Product-rubydebian_linuxmacosn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9837
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.45%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:16
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ostvosmac_os_xipadostvOSmacOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8753
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.63%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:05
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwarestandard_manageabilityIntel(R) AMT, Intel(R) ISM versions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0045
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 16:35
Updated-17 Dec, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.20%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 15:17
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.

Action-Not Available
Vendor-proftpdn/aSiemens AGopenSUSE
Product-simatic_net_cp_1543-1simatic_net_cp_1543-1_firmwaresimatic_net_cp_1545-1proftpdsimatic_net_cp_1545-1_firmwarebackports_sleleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25732
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to buffer over read in dns client due to missing length check

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqts110_firmwareSnapdragonwcd9380_firmwaresxr2230p_firmwarear8031_firmwarewsa8832_firmwarewcn6856_firmwareqca4004_firmwaremdm9607_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwareqca4020_firmwaressg2125p_firmwarecsra6620_firmwarewcn7851_firmwarewcn6855_firmwarecsra6640_firmwareqcs405_firmwarewcd9335_firmwaremdm8207_firmwaremdm9205_firmwarewcd9385_firmwaremdm9206_firmwaremdm9207_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25726
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9306wcd9380_firmwarewsa8830snapdragon_wear_1300ssg2125psxr2230p_firmwaremdm8207snapdragon_wear_1200wcd9330snapdragon_x5_lte_modem_firmwarewsa8832_firmwarewcn785x-5wcn685x-5qca4004_firmwarewcn785x-1_firmwareqts110wcd9306_firmwaresxr1230p_firmwarewsa8835wcd9380wsa8832snapdragon_wear_1100_firmwaresnapdragon_ar2_gen_1_platform_firmwaresnapdragon_wear_1200_firmwaressg2125p_firmwaressg2115psnapdragon_ar2_gen_1_platformmdm9206wcn685x-5_firmwarewcn685x-1_firmwaresxr1230pwcd9385wcn685x-1snapdragon_x5_lte_modemmdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwarewcd9385_firmwaremdm9205mdm9206_firmwaremdm9207_firmwareqca4004sxr2230pwsa8830_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_wear_1300_firmwarewcn785x-5_firmwarewcd9330_firmwarewcn785x-1mdm9207qts110_firmwareSnapdragon9205_lte_modem_firmwarewcd9380_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwaresxr2230p_firmwaresnapdragon_x5_lte_modem_firmwaremdm8207_firmwarewsa8832_firmwarewcd9385_firmwarefastconnect_6900_firmwareqca4004_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmware9206_lte_modem_firmwarewsa8830_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8835_firmwarefastconnect_7800_firmwaressg2115p_firmwaresnapdragon_ar2_gen_1_platform_firmwarewcd9330_firmwaressg2125p_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25738
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to buffer over-red while performing checksum of packet received

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcn3998wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335qca4010wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqca4010_firmwareqts110_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25728
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to buffer over-read while processing response from DNS server

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcn3998wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqts110_firmwareSnapdragonwcd9380_firmwaresxr2230p_firmwarear8031_firmwarewsa8832_firmwarewcn6856_firmwareqca4004_firmwaremdm9607_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwareqca4020_firmwaressg2125p_firmwarecsra6620_firmwarewcn7851_firmwarewcn6855_firmwarecsra6640_firmwareqcs405_firmwarewcd9335_firmwaremdm8207_firmwaremdm9205_firmwarewcd9385_firmwaremdm9206_firmwaremdm9207_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwarewcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25706
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.11% / 29.54%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:26
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm6250p_firmwareqcs610wcn3950_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917qcs605_firmwaresd_675_firmwaresd632wcn3998wcd9371_firmwarewcn3950sm4125sd720gsd_8_gen1_5g_firmwarewcn3660bsd450_firmwaresd710_firmwaresd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwaresa6155_firmwarewcn3998_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwaresm7450_firmwaresd680_firmwaresa8155_firmwaresd662_firmwareqca6430wcd9340qualcomm215_firmwaresd765gsw5100qca6436sd680wcn6851sa6155pqcs603_firmwarewcn7851_firmwarewcn3660_firmwarewcd9341qca6696_firmwarewcd9371sd750gsd870_firmwarewcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresd450wcn3991wcd9380_firmwaresdm429wmsm8996au_firmwaresw5100pqca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574sd632_firmwarewcd9380qualcomm215sd690_5g_firmwaresdx50m_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sd439_firmwareqca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320qca6426_firmwarewcn3660b_firmwarewcn3680sd695sd835wcn3980_firmwaresd730sdx55msm8475_firmwarewcn6740_firmwaremsm8953sd678_firmwarewcn3680_firmwarewcn6851_firmwareqcs603sd_636_firmwaresd670qca6564a_firmwareapq8009wqcm4290_firmwaresd480sd870wcn6855wsa8832sw5100p_firmwareqcs610_firmwaresa6145psd695_firmwaresdxr1apq8096ausdm630_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareapq8053sa8155psd675sd439wcn3660sm8475p_firmwareqcm2290wcn3991_firmwarewsa8830sd678qcs2290_firmwaresd_636qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6426wcn3990_firmwaresdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662sa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwareqca6595auwcn3615sm7250p_firmwareqca6436_firmwareqca6564au_firmwaresd778gsa6155p_firmwareqca6310wcn7851qcs6490sd429sdxr2_5gsdm630wcn3988_firmwaresa6145p_firmwaresd429_firmwaresm6250sd778g_firmwaresa8195papq8017_firmwarewsa8810_firmwaresd765_firmwarewcd9326wcd9335qcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000sm6250_firmwaremsm8953_firmwaremsm8917_firmwarewcn3620_firmwareqcm6490sd888_5g_firmwarewsa8835_firmwarewcn3620wcn6850_firmwarewsa8815_firmwaresm7450apq8017qca6564aqcm2290_firmwarewcn3990sd_675sd780gsd865_5gsd888msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gsm6250pqca6574awcn6855_firmwaresm7325pqca6310_firmwarewcn6750qca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665sd765qca6574a_firmwaresd768g_firmwaresm7315sd460qca6391sdxr1_firmwareaqt1000_firmwareqcm4290qcm6490_firmwaresdx50mwsa8832_firmwaresd480_firmwareqca6574ausa8155p_firmwaresd710wcd9341_firmwarewsa8810wcn6856wcn3680bsd835_firmwaresd768gwcn6740qca6696sd845_firmwaresdw2500apq8096au_firmwaresd845sm7250psd720g_firmwaresw5100_firmwaresm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25747
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-11 Feb, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-7067
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-7.5||HIGH
EPSS-9.01% / 92.28%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 20:38
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OOB Read in urldecode()

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxTenable, Inc.The PHP Group
Product-communications_diameter_signaling_routerphpdebian_linuxtenable.scPHP
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-196
Unsigned to Signed Conversion Error
CVE-2022-23483
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-09 Dec, 2022 | 17:50
Updated-23 Apr, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-Bound Read in libxrdp

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.

Action-Not Available
Vendor-neutrinolabsneutrinolabsDebian GNU/Linux
Product-debian_linuxxrdpxrdp
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-48404
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.08%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 15:40
Updated-02 Aug, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3804
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-4.30% / 88.44%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:28
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3744
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.91% / 82.52%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:44
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20605
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.31%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-48398
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 15:39
Updated-09 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20410
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.66%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-205570663

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-3700
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.11%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCA9531, QCA9558, QCA9980, SC8180X, SDM439, SDX55, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9980_firmwaremsm8996au_firmwaresdm439mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqca9531qca9558_firmwareipq8074_firmwareqca6574auqca9558msm8909w_firmwaremdm9607msm8996auqca9980sxr2130sc8180xipq4019_firmwaresm8150_firmwaresxr2130_firmwareipq8074apq8096ausdm439_firmwareipq4019sdx55apq8053apq8096au_firmwaresm8250sm8150qca9531_firmwareipq8064qca6574au_firmwaresdx55_firmwaremsm8909wapq8053_firmwareipq8064_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3747
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.91% / 82.52%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:44
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20418
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.66%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-231986464

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found