Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-54592

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-30 Jun, 2026 | 23:16
Updated At-01 Jul, 2026 | 12:35
Rejected At-
Credits

Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in ext/oj/fast.c, doc_each_child increments doc->where past the where_path[MAX_STACK = 100] array with no bounds check and never restores it (the doc->where-- is missing), so calling each_child recursively from inside the yield block drives doc->where beyond the array. On the next entry the function copies the path into the 800-byte stack-local buffer save_path[MAX_STACK] using wlen = doc->where - doc->where_path, so when the previous recursive call left doc->where past where_path[100] the wlen exceeds MAX_STACK and the memcpy overflows save_path on the C stack; because the Oj::Doc parser imposes no JSON nesting-depth limit (relying on a C-stack pressure check), deeply nested attacker input reaches this path. This issue has been fixed in version 3.17.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:30 Jun, 2026 | 23:16
Updated At:01 Jul, 2026 | 12:35
Rejected At:
▼CVE Numbering Authority (CNA)
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in ext/oj/fast.c, doc_each_child increments doc->where past the where_path[MAX_STACK = 100] array with no bounds check and never restores it (the doc->where-- is missing), so calling each_child recursively from inside the yield block drives doc->where beyond the array. On the next entry the function copies the path into the 800-byte stack-local buffer save_path[MAX_STACK] using wlen = doc->where - doc->where_path, so when the previous recursive call left doc->where past where_path[100] the wlen exceeds MAX_STACK and the memcpy overflows save_path on the C stack; because the Oj::Doc parser imposes no JSON nesting-depth limit (relying on a C-stack pressure check), deeply nested attacker input reaches this path. This issue has been fixed in version 3.17.3.

Affected Products
Vendor
ohler55
Product
oj
Versions
Affected
  • < 3.17.3
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/ohler55/oj/security/advisories/GHSA-3m6q-jj5j-38c9
x_refsource_CONFIRM
Hyperlink: https://github.com/ohler55/oj/security/advisories/GHSA-3m6q-jj5j-38c9
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/ohler55/oj/security/advisories/GHSA-3m6q-jj5j-38c9
exploit
Hyperlink: https://github.com/ohler55/oj/security/advisories/GHSA-3m6q-jj5j-38c9
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:01 Jul, 2026 | 00:16
Updated At:01 Jul, 2026 | 13:17

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in ext/oj/fast.c, doc_each_child increments doc->where past the where_path[MAX_STACK = 100] array with no bounds check and never restores it (the doc->where-- is missing), so calling each_child recursively from inside the yield block drives doc->where beyond the array. On the next entry the function copies the path into the 800-byte stack-local buffer save_path[MAX_STACK] using wlen = doc->where - doc->where_path, so when the previous recursive call left doc->where past where_path[100] the wlen exceeds MAX_STACK and the memcpy overflows save_path on the C stack; because the Oj::Doc parser imposes no JSON nesting-depth limit (relying on a C-stack pressure check), deeply nested attacker input reaches this path. This issue has been fixed in version 3.17.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-125Secondarysecurity-advisories@github.com
CWE-787Secondarysecurity-advisories@github.com
CWE ID: CWE-125
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-787
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/ohler55/oj/security/advisories/GHSA-3m6q-jj5j-38c9security-advisories@github.com
N/A
https://github.com/ohler55/oj/security/advisories/GHSA-3m6q-jj5j-38c9134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/ohler55/oj/security/advisories/GHSA-3m6q-jj5j-38c9
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/ohler55/oj/security/advisories/GHSA-3m6q-jj5j-38c9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1375Records found

CVE-2023-43861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 52.93%
||
7 Day CHG~0.00%
Published-28 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-619ldir-619l_firmwaren/adir-619l
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26003
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.29%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 08:12
Updated-23 Jan, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: DoS of the control agent in CHARX Series

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. 

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3150_firmwarecharx_sec-3050charx_sec-3000_firmwarecharx_sec-3100_firmwarecharx_sec-3100charx_sec-3000charx_sec-3150charx_sec-3050_firmwareCHARX SEC-3050CHARX SEC-3000CHARX SEC-3150CHARX SEC-3100charx_sec_3150charx_sec_3050charx_sec_3100charx_sec_3000
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-19945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.55% / 72.07%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 17:17
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.

Action-Not Available
Vendor-n/aOpenWrt
Product-openwrtn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2019-19203
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.05% / 89.40%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 20:06
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

Action-Not Available
Vendor-oniguruma_projectn/aFedora Project
Product-onigurumafedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-53461
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.32%
||
7 Day CHG+0.08%
Published-10 Jun, 2026 | 22:03
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Out-of-bounds write in ICON decoder due to incorrect loop

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19275
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.26% / 86.83%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 14:08
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

Action-Not Available
Vendor-n/aPython Software Foundation
Product-typed_astn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43512
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 23.69%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-02 Aug, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Qualcomm ESL

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn7606qcn7606_firmwareSnapdragonqcn7606_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-19906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.04% / 94.08%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 17:39
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Action-Not Available
Vendor-cyrusimapcentosn/aCanonical Ltd.The Apache Software FoundationRed Hat, Inc.Apple Inc.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxiphone_osenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_auscyrus-saslenterprise_linuxdebian_linuxipadosbookkeeperjboss_enterprise_web_serverfedoramac_os_xcentosenterprise_linux_eusenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endian_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-193
Off-by-one Error
CVE-2019-19943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.26% / 89.86%
||
7 Day CHG~0.00%
Published-28 Feb, 2020 | 19:40
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.

Action-Not Available
Vendor-pablosoftwaresolutionsn/a
Product-quick_\'n_easy_web_servern/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-415
Double Free
CVE-2023-42869
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.07%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43533
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.30%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Firmware

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_8_gen_3_mobile_platform_firmwareqcm8550_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsw5100psxr1120vision_intelligence_300_platformqca6595snapdragon_xr1_platformqcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_x50_5g_modem-rf_systemqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024qcc2073_firmwareqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700qca1064_firmwareqcn6422_firmwaresnapdragon_768g_5g_mobile_platform_firmwaresa4150pwsa8832_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca8337qca6426_firmwarewcd9395snapdragon_460_mobile_platformsnapdragon_auto_4g_modemqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqam8295pwcd9341ipq5312qca6574auwcd9390wsa8810_firmwaresd730_firmwarewsa8845h_firmwarecsra6640snapdragon_8cx_gen_2_5g_compute_platformsa9000p_firmwaresrv1hqca2064_firmwaresnapdragon_835_mobile_pc_platform_firmwaresd730snapdragon_730g_mobile_platform_firmwareqca6554afastconnect_6800_firmwaresd835_firmwareqcn6024_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_778g\+_5g_mobile_platformsa8770pqcm6125_firmwaressg2115pqcc710snapdragon_850_mobile_compute_platformsnapdragon_8cx_compute_platform_firmwareqca2062_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresxr1120_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmwarerobotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformqcn6402qcn6432video_collaboration_vc1_platformipq5332_firmwareqep8111qfw7114wcd9385_firmwareqca6421315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemqca6310qam8255p_firmwaresnapdragon_630_mobile_platformsa8155_firmwarewcd9360snapdragon_888_5g_mobile_platform_firmwareqca6335snapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformimmersive_home_3210_platform_firmwaresnapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwaresa6155pwsa8845qca6421_firmwareqcm6125qca6564au_firmwaresnapdragon_768g_5g_mobile_platformwsa8810qam8650psa9000pqsm8250snapdragon_8\+_gen_2_mobile_platformsrv1h_firmwareqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840srv1m_firmwareqcs8550_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformwcd9371_firmwaresnapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformqcs4490_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3910_firmwaresm4125_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca6420snapdragon_8_gen_3_mobile_platformsnapdragon_7c_gen_2_compute_platform_firmwarewcn3910wcd9370_firmwarecsrb31024snapdragon_845_mobile_platformsnapdragon_x55_5g_modem-rf_system_firmwareqcc2076snapdragon_750g_5g_mobile_platform_firmwaresnapdragon_660_mobile_platformqca6574aqca6174asa8195pwcd9340snapdragon_630_mobile_platform_firmwareqcm2290snapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490ipq5302sm8550p_firmwareimmersive_home_3210_platformqcm8550wcn3988qcn9274qcn9024snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsa8775psxr2230p_firmwaresd675_firmwaresnapdragon_8cx_compute_platformqca2066_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformsa8775p_firmwareqamsrv1hqcn6412_firmwareqcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwareqca6564asa8155pwsa8830snapdragon_675_mobile_platformipq5312_firmwaresm8550pqcf8000_firmwaresa6145psnapdragon_8\+_gen_1_mobile_platform_firmwaresnapdragon_662_mobile_platformvision_intelligence_400_platform_firmwaresnapdragon_765_5g_mobile_platformsc8180x\+sdx55_firmwaresa8255p_firmwaresnapdragon_665_mobile_platformqcc2073ar8035qamsrv1m_firmwaresa6155sa8650p_firmwareqca2065snapdragon_678_mobile_platform_firmwareqcm4325qcn6224sc8180x\+sdx55qca6698aqwcn3950_firmwaresnapdragon_7c_gen_2_compute_platformsm6250ssg2125p_firmwaresnapdragon_8c_compute_platform_firmwaresnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200snapdragon_710_mobile_platformsd670sm7325p_firmwaresa8145p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwaresnapdragon_888\+_5g_mobile_platformsmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwaresnapdragon_636_mobile_platform_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwaresnapdragon_680_4g_mobile_platform_firmwareimmersive_home_326_platform_firmwareqcs6490snapdragon_712_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwareqca8386_firmwaresd660_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqcc2076_firmwaresxr2130_firmwaresrv1mqca6678aqqcn6432_firmwaresnapdragon_675_mobile_platform_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwaresnapdragon_888_5g_mobile_platformsc8380xpqca1064qca6320snapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqca6564auqcs6125_firmwaresm6250p_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcm4290ipq5332snapdragon_680_4g_mobile_platformsd_455_firmwareqcm6490_firmwaresnapdragon_8c_compute_platformsm7250p_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformrobotics_rb3_platform_firmwarewcn3950snapdragon_xr2_5g_platformqcs6125snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresnapdragon_720g_mobile_platformsd_455sm7250pcsrb31024_firmwaresa8155sd_8cx_firmwaresm6250_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqca6584ausd888qca6320_firmwareqcn6274_firmwaresd460_firmwaresnapdragon_4_gen_2_mobile_platformsw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740sc8380xp_firmwareqca6310_firmwarefastconnect_6800qfw7114_firmwareqca6595_firmwaresnapdragon_685_4g_mobile_platform_firmwarefastconnect_7800_firmwareqcn6422ipq5302_firmwarewcd9371snapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresnapdragon_732g_mobile_platform_firmwaresxr2230psnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150pvision_intelligence_300_platform_firmwaresnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwareqcf8000snapdragon_835_mobile_pc_platformsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x35_5g_modem-rf_systemqca2064sxr1230psnapdragon_865\+_5g_mobile_platformsd662_firmwareqca2065_firmwaresw5100video_collaboration_vc3_platformaqt1000snapdragon_865_5g_mobile_platform_firmwareqca6688aqqam8295p_firmwaresd855qca6431_firmwareqcn6402_firmwarewcn3990_firmwaresm7315qca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385qsm8350qcs2290_firmwaresd662snapdragon_678_mobile_platformsa8255psnapdragon_720g_mobile_platform_firmwareqcs4290sxr1230p_firmwarewcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformqep8111_firmwareqca6430sm6250psdx55_firmwaresnapdragon_auto_5g_modem-rfssg2125pqca6554a_firmwaresxr2130qcm4490snapdragon_636_mobile_platformcsra6640_firmwareqamsrv1msnapdragon_xr2\+_gen_1_platformimmersive_home_326_platformqca6174a_firmwaresm7325pqam8650p_firmwaresnapdragon_855_mobile_platform_firmwareqca2062qca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemsd855_firmwarewcd9335_firmwarewcn3980_firmwareqca6436qca6584au_firmwareqcn6274wsa8835wsa8840_firmwareqca6391_firmwaresnapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwaresw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_732g_mobile_platformsnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660wsa8815sg4150psd_8_gen1_5gqam8775pqca6797aqqcm4325_firmwareqcn6412vision_intelligence_400_platformqca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_480\+_5g_mobile_platformsd675qca1062sd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391qcn9274_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_670_mobile_platformcsra6620_firmwaresa8770p_firmwaresa8295psnapdragon_8_gen_2_mobile_platform_firmwareqcs8550snapdragon_xr1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwarewcd9375qca6688aq_firmwarewcn3988_firmwareqamsrv1h_firmwaresa8145psd_675snapdragon_888\+_5g_mobile_platform_firmwareqca2066sd_8cxwsa8835_firmwaressg2115p_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragon
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2025-47401
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 11.97%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 16:43
Updated-06 May, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN HAL

Transient DOS when processing target power rate tables during channel configuration.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca2062_firmwareqrb5165mflight_rb5_5gqxm8083qca8101_firmwaresnapdragon_8_gen_2_mobilesa7775pqxm1083wsa8845h_firmwareqcn9012_firmwareqca2064_firmwarewcd9378wsa8832_firmwareipq9570_firmwarefastconnect_6700wcd9395_firmwaresa510m_firmwarewsa8850sm8845psm8650q_firmwaresnapdragon_8_elite_gen_5_firmwaresnapdragon_x75_5g_modem-rfg3x_gen_2sa7775p_firmwarex2000094_firmwarenetraniqam8255plemans_au_lgitx1e80100_firmwareqxm1083_firmwareqam8295p_firmwaresm7435_firmwareiqx5121snapdragon_x65_5g_modem-rf_firmwarewcn7861_firmwarewsa8840_firmwareqca8695au_firmwareipq5332_firmwarenetworking_pro_810qamsrv1mqamsrv1hqcn5154sm8475p_firmwarefwa_gen_3_ultra_firmwareqca2066qca6595au_firmwareqmp1000snapdragon_auto_5g_modem-rfqca8085wsa8850wqca6584auqcn9024_firmwareqcn5224robotics_rb5_firmwaresnapdragon_8_gen1_5glemansau_firmwareqpa1083bdqxm1094_firmwaresxr2250pqcn6412qca6174a_firmwareqca6574a_firmwaresnapdragon_888_5g_mobileqca8101milos_iot_firmwaremilosxg101039_firmwarelemans_au_lgit_firmwaresm6850qxm1095wcn6650wcn7760_firmwaresnapdragon_8_elite_firmwareqmp1000_firmwarewcn6650_firmwarenetworking_pro_1200qcs8550sm8635_firmwarecq8725ssa8770p_firmwarewcn3950_firmwarewsa8810_firmwarewsa8832sm8475pqcs4490_firmwaresnapdragon_6_gen_3_mobileqca2062srv1hsar1165p_firmwarefwa_gen_3_ultrawcn7881_firmwaresnapdragon_8_elitefastconnect_6700_firmwaresar2130psnapdragon_x72_5g_modem-rf_firmwareqcn9000qcn6024qrb5165n_firmwarevideo_collaboration_vc3qfw7124qcc710snapdragon_7_gen_1_mobile_firmwarewcd9378c_firmwarex2000077snapdragon_8\+_gen_2_mobileipq5302sm8845p_firmwarewsa8855c_firmwareqcn5124g3x_gen_2_firmwarepalawan25_firmwareqca6174asm7550_firmwareqam8255p_firmwaresnapdragon_4_gen_2_mobile_firmwaresm7425_firmwareqcn9012qln1083bdsa8620pqca6797aq_firmwarewcn7881qca8384_firmwarefastconnect_6200_firmwareqca6574_firmwareqam8397p_firmwarewcd9370_firmwarewsa8830_firmwareimmersive_home_326_firmwareqca6554a_firmwaresm8735psrv1m_firmwareqca6696_firmwareqca6698aqqcm5430networking_pro_610_firmwaresxr2330p_firmwareqcn9160qxm1096_firmwareqxm8083_firmwareqca6564ausc8380xp_firmwaresm7425snapdragon_6_gen_4_mobilewcd9340_firmwareqcn5224_firmwareqxm1095_firmwarevideo_collaboration_vc3_firmwareqca2066_firmwareqcs8550_firmwarear8035molokaiipq5302_firmwareipq9554_firmwaresnapdragon_x62_5g_modem-rfqfw7114_firmwarefastconnect_6900qcf8001_firmwareimmersive_home_3210_firmwaresa7255pxg101039qca8081_firmwarex2000086_firmwareqca6391_firmwaresnapdragon_4_gen_2_mobileqcn9011_firmwarex2000086qca6574qamsrv1m_firmwareqca6574asa6155psa9000p_firmwaresnapdragon_7\+_gen_2_mobile_firmwaresxr2230p_firmwaresm6650psm7635p_firmwaresa510mfastconnect_7800sa8295p_firmwareqcs4490sm6850_firmwarewsa8850_firmwarecq7790sm7525pandeiroqca6391qca6584au_firmwaresnapdragon_6_gen_3_mobile_firmwareqca2064qca6688aq_firmwaresa8155p_firmwaresm6450p_firmwarewsa8835ipq5312wcd9340snapdragon_6_gen_4_mobile_firmwaresm7675snapdragon_8\+_gen_1_mobile_firmwaresxr2330pcq8750m_firmwareqcm4490sm7525_firmwaresm8425_firmwareqcn6224_firmwareqamsrv1h_firmwaresa8620p_firmwareqca8385_firmwarewcd9371x2000090qca8102_firmwareqcn9011qca8081snapdragon_x32_5g_modem-rf_firmwareqcf8001palawan25qxm1093_firmwareqca6595fastconnect_7800_firmwaresnapdragon_8_elite_gen_5qcf8000fastconnect_6200sa8770psm7435pqcn6274sm6650p_firmwareqcs6690qmb415qxm1086_firmwareqca8111_firmwarewcd9371_firmwareg2_gen_1_firmwareqca6777aqsnapdragon_x35_5g_modem-rf_firmwareqxm1086snapdragon_auto_5g_modem-rf_gen_2snapdragon_888\+_5g_mobilexg101002g2_gen_1wcn6450_firmwaremonaco_iotsnapdragon_x62_5g_modem-rf_firmwarex2000092_firmwareipq9554qca8112snapdragon_7_gen_1_mobilefastconnect_6900_firmwareqxm1093qep8111_firmwarewsa8810qca8386wcd9375qmp2001sxr2350p_firmwarewcd9370snapdragon_7\+_gen_2_mobilear8035_firmwareflight_rb5_5g_firmwareqrb5165nsa8255pqca8337sar2130p_firmwaresnapdragon_8\+_gen_2_mobile_firmwareqfw7124_firmwareqmb715qcm6490snapdragon_6_gen_1_mobileqcn6024_firmwarenetrani_firmwarewcn3988ipq9574_firmwaresnapdragon_8cx_gen_3_compute_firmwarenetworking_pro_610orne_firmwareqca6777aq_firmwaresm8650qsm8750p_firmwaresm8735p_firmwarexrv7209_firmwareqcn6432snapdragon_ar1_gen_1_firmwareqcf8000_firmwareqxm1096srv1h_firmwarex1e80100qca8386_firmwarenetworking_pro_1210_firmwareqca8080_firmwarexg101002_firmwarex2000090_firmwarerobotics_rb5wsa8815marinasxr2350pqcn6432_firmwaresdx61snapdragon_ar1_gen_1qpa1083bd_firmwarelemansausnapdragon_ar1\+_gen_1_firmwaresa8295pornenetworking_pro_1610xg101032_firmwaresm8425qcn6274_firmwaresm6475qsnapdragon_x32_5g_modem-rfqcm4490_firmwareqca6678aqsnapdragon_7s_gen_3_mobilesnapdragon_7_gen_4_mobilesa8195p_firmwareqca8084qpa1086bdqca6698aq_firmwareqcn6422_firmwareqca0000_firmwaresxr2250p_firmwaresnapdragon_8\+_gen_1_mobilemonaco_iot_firmwareqca8385qcn5154_firmwarewcn7760wsa8850w_firmwareiqx7181_firmwarewcd9395qca6797aqipq5312_firmwaresm7550p_firmwarecologneipq9570qca6595_firmwaremilos_iotx2000092sm7550wcn7860qca8384sar1165pcologne_firmwareqca8085_firmwaresm6475p_firmwareqca2065networking_pro_1610_firmwareipq9574qmp2001_firmwarewsa8830sa8195pqcn9274sdx61_firmwareqca8082wcd9380wsa8845_firmwarewcd9375_firmwaresm6475q_firmwaresnapdragon_8_gen_2_mobile_firmwaresnapdragon_ar1\+_gen_1marina_firmwarewcn3950qam8397pqln1086bd_firmwareiqx7181qln1083bd_firmwaresm8635p_firmwareqcm5430_firmwarewsa8845hsm8550p_firmwaresm7635pqca8075srv1mwcn7861qca8337_firmwareipq5300_firmwareqpa1086bd_firmwareqcn9274_firmwaresm8635snapdragon_888_5g_mobile_firmwaresnapdragon_888\+_5g_mobile_firmwarenetworking_pro_1200_firmwarenetworking_pro_1210qca6595auqca6787aqwcn7880snapdragon_x75_5g_modem-rf_firmwaresnapdragon_8_gen_1_mobile_firmwaresnapdragon_8cx_gen_3_computeimmersive_home_326qcc710_firmwarewsa8855cqca6678aq_firmwarewcn6450snapdragon_8_gen1_5g_firmwaresa9000psnapdragon_6_gen_1_mobile_firmwarex2000094qca0000qca8080xg101032qca6688aqipq9008_firmwaresm6450psa8155pqca6787aq_firmwareqcn9024milos_firmwarenetworking_pro_810_firmwarewcd9385_firmwaresa6155p_firmwarewcd9390sm8750psnapdragon_8_gen_3_mobileqln1086bdsm7675p_firmwareqca6564au_firmwareqcn6224sm7675_firmwareqca8111snapdragon_7_gen_4_mobile_firmwareqca8102xrv9209wcn6755qmb715_firmwarecq8725s_firmwareqca6574ausm7550pqcn9000_firmwarewcn7880_firmwaresnapdragon_8_gen_3_mobile_firmwarecq7790_firmwareimmersive_home_3210wcd9378_firmwareqcn6402qcs6690_firmwaresnapdragon_x35_5g_modem-rfsm7675piqx5121_firmwaresm7435snapdragon_auto_5g_modem-rf_firmwareqcn6412_firmwarexrv9209_firmwarewcn3988_firmwareqca6554asm6475pqca8112_firmwarewcd9378cwcn7860_firmwareqcm6490_firmwareqep8111ipq5300qmb415_firmwareqcn5124_firmwaresm7435p_firmwaresnapdragon_x65_5g_modem-rfsa8255p_firmwareqrb5165m_firmwarewcd9390_firmwareqca6696sm8635psnapdragon_x72_5g_modem-rfqca8082_firmwaresnapdragon_7s_gen_3_mobile_firmwareqca8695auxrv7209qcn6402_firmwarewsa8815_firmwareqca2065_firmwareqca8084_firmwareqam8295pwcn6755_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_8_gen_1_mobileipq5332wsa8835_firmwareqcn9160_firmwaresc8380xpwcd9380_firmwarepandeiro_firmwareqxm1094ipq9008qca6574au_firmwaresa7255p_firmwaresm8550pcq8750mqcn6422x2000077_firmwaresxr2230pmolokai_firmwareqfw7114qca8075_firmwarewcd9385wsa8845wsa8840Snapdragon
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2023-42821
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 59.87%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 16:55
Updated-24 Sep, 2024 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.

Action-Not Available
Vendor-gomarkdowngomarkdown
Product-markdownmarkdown
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47403
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 11.97%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 16:43
Updated-06 May, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Firmware

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qxm1083wsa8845h_firmwarewcd9378fastconnect_6700wsa8850qcn9070sm8650q_firmwaresnapdragon_8_elite_gen_5_firmwaresnapdragon_x75_5g_modem-rfg3x_gen_2qcn5054_firmwaresa7775p_firmwarex2000094_firmwarelemans_au_lgitx1e80100_firmwaresdx65m_firmwarewcn7861_firmwarenetworking_pro_810qamsrv1mqcn5154qamsrv1hsm8475p_firmwareimmersive_home_214_firmwareqca6584auqcn6132_firmwarelemansau_firmwareqpa1083bdqxm1094_firmwareqcn5024xg101039_firmwaresm6850qca4024snapdragon_8_elite_firmwareqmp1000_firmwarenetworking_pro_1200qcs8550cq8725sqca9888_firmwarewcn3950_firmwaresm8475pqcs4490_firmwareimmersive_home_216sar1165p_firmwarewcn7881_firmwarefwa_gen_3_ultrasnapdragon_8_eliteipq5010_firmwaresnapdragon_x72_5g_modem-rf_firmwareqcn9002qcn5022_firmwarevideo_collaboration_vc3x2000077snapdragon_8\+_gen_2_mobileipq5302wsa8855c_firmwaresm8845p_firmwarepalawan25_firmwareqca6174asm7550_firmwareqcn5152qam8255p_firmwaresnapdragon_4_gen_2_mobile_firmwareimmersive_home_318_firmwaresm7425_firmwareqln1083bdwcn7881qca6797aq_firmwarenetworking_pro_600_firmwarewcd9370_firmwareimmersive_home_326_firmwareqca6554a_firmwaresm8735pqca6698aqqcm5430qxm1096_firmwaresd_8_gen1_5gqca6564ausc8380xp_firmwaresm7425qcn6132qxm1095_firmwarear8035ipq5302_firmwaresnapdragon_x62_5g_modem-rffastconnect_6900immersive_home_3210_firmwareqca8081_firmwarex2000086_firmwaresnapdragon_4_gen_2_mobilex2000086qca6574aqca9889_firmwareqcc2073_firmwaresm7635p_firmwarefastconnect_7800cq7790sm7525qca6391qca6584au_firmwareqca6688aq_firmwaresm6450p_firmwaresnapdragon_6_gen_4_mobile_firmwaresnapdragon_8\+_gen_1_mobile_firmwaresxr2330psm7525_firmwaresm8425_firmwaresa8620p_firmwareqcn9011fwa_gen_5_elite_firmwareipq6000_firmwareqcf8001qca6595fastconnect_7800_firmwareqcf8000snapdragon_8_elite_gen_5sm6650p_firmwareqcn9022_firmwareqcn9003wcd9371_firmwarekobukqca6777aqsnapdragon_auto_5g_modem-rf_gen_2xg101002x2000092_firmwareipq9554networking_pro_400qxm1093wcd9375networking_pro_800sxr2350p_firmwaresnapdragon_7\+_gen_2_mobilear8035_firmwareqcn9002_firmwaresa8255psnapdragon_8\+_gen_2_mobile_firmwareqfw7124_firmwareqmb715networking_pro_400_firmwareqcn6024_firmwarenetworking_pro_610qca6777aq_firmwaresm8650qsm8750p_firmwareqcn6432qcf8000_firmwareqca8386_firmwarenetworking_pro_1210_firmwarex2000090_firmwarewsa8815marinasxr2350pqcn6432_firmwaresnapdragon_ar1_gen_1lemansauipq8078_firmwareornexg101032_firmwaresm8425qcn6274_firmwaretrestlesqcm4490_firmwareqca6678aqsnapdragon_7s_gen_3_mobileqpa1086bdqcn6422_firmwareqca0000_firmwaresxr2250p_firmwarewsa8850w_firmwareimmersive_home_316_firmwareqca6797aqipq9570ipq6000qca6595_firmwarex2000092sm7550wcn7860cologne_firmwaresm6475p_firmwareipq9574qmp2001_firmwarewsa8830qcn9274sdx61_firmwarewcd9380wsa8845_firmwaresm6475q_firmwaresnapdragon_ar1\+_gen_1wcn3950marina_firmwareqam8397pqln1086bd_firmwareqln1083bd_firmwareqcm5430_firmwarewsa8845hqca8075srv1mwcn7861ipq5300_firmwareqcn9274_firmwarenetworking_pro_1200_firmwarenetworking_pro_1210wcn7880snapdragon_x75_5g_modem-rf_firmwareqcn5164qcc710_firmwarewsa8855cwcn6450qca6678aq_firmwareqca0000ipq9008_firmwareqca6787aq_firmwaremilos_firmwarenetworking_pro_810_firmwarewcd9390snapdragon_8_gen_3_mobileqcn9022sm7675p_firmwaresm7675_firmwarexrv9209snapdragon_7_gen_4_mobile_firmwarecq8725s_firmwareqca6574auqcn9001_firmwaresnapdragon_8_gen_3_mobile_firmwarewcd9378_firmwareqcs6690_firmwareiqx5121_firmwaresm7435xrv9209_firmwaresd_8_gen1_5g_firmwareqcn5052qcn5022qca4024_firmwareqcn5124_firmwaresm7435p_firmwareqcn9100qca6696xrv7209qcn6402_firmwarewcn6755_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_8_gen_1_mobileipq5332wsa8835_firmwaresc8380xppandeiro_firmwarefwa_gen_5_elitesa7255p_firmwaresm8550pcq8750mqcn6422x2000077_firmwareqfw7114qca8075_firmwarenpro_a8_elite_firmwarenetworking_pro_800_firmwarewsa8840snapdragon_8_gen_2_mobilesa7775pqcn9012_firmwarewsa8832_firmwareipq9570_firmwarewcd9395_firmwareqca8072sdx81_firmwaresm8845pipq8076qcn9070_firmwarenetraniqam8255pqxm1083_firmwaresm7435_firmwaresnapdragon_x65_5g_modem-rf_firmwareiqx5121wsa8840_firmwareqca8695au_firmwareipq5332_firmwarefwa_gen_3_ultra_firmwareqca6595au_firmwareqmp1000qca8085qcn6023wsa8850wqcn9024_firmwarenpro_a8_elitesxr2250pqcn6412qca6174a_firmwareqca6574a_firmwaremilos_iot_firmwaremiloscsr8811_firmwarelemans_au_lgit_firmwareqxm1095wcn6650wcn7760_firmwarewcn6650_firmwaresm8635_firmwaresa8770p_firmwarewsa8810_firmwarewsa8832snapdragon_6_gen_3_mobilesrv1hfastconnect_6700_firmwaresar2130pqcn9000qcn6024qcc2076_firmwareqfw7124wcd9378c_firmwareqcc710snapdragon_7_gen_1_mobile_firmwareipq8078qcn5124g3x_gen_2_firmwaresdx65mqcn9003_firmwareqcn9012sa8620pwsa8830_firmwarefastconnect_6200_firmwareipq5028_firmwareqam8397p_firmwareqca6574_firmwaresrv1m_firmwareqca6696_firmwaresxr2330p_firmwarenetworking_pro_610_firmwareimmersive_home_316snapdragon_6_gen_4_mobilewcd9340_firmwarevideo_collaboration_vc3_firmwareqcc2076qcs8550_firmwaremolokaiqcn6122_firmwareipq9554_firmwareqfw7114_firmwareqcf8001_firmwaresa7255pxg101039qca6391_firmwareqcn9011_firmwareqca6574qamsrv1m_firmwaresa9000p_firmwaresnapdragon_7\+_gen_2_mobile_firmwaresxr2230p_firmwareqcn6122sm6650pqcs4490sm6850_firmwarepandeirowsa8850_firmwarecsr8811snapdragon_6_gen_3_mobile_firmwarewsa8835qcn5122wcd9340ipq5312sm7675cq8750m_firmwareqcm4490qcn6224_firmwareqamsrv1h_firmwarewcd9371qcc2073qca9888x2000090qcn5164_firmwareqca8081palawan25qxm1093_firmwarefastconnect_6200sa8770psm7435pqcn6274qcn5052_firmwareqcs6690qmb415qxm1086_firmwareg2_gen_1_firmwareqxm1086trestles_firmwarewcn6450_firmwareg2_gen_1snapdragon_x62_5g_modem-rf_firmwaresnapdragon_7_gen_1_mobilefastconnect_6900_firmwarewsa8810qca8386qmp2001wcd9370qca8337sar2130p_firmwareqcm6490snapdragon_6_gen_1_mobileqcn6023_firmwarenetrani_firmwarewcn3988ipq9574_firmwareorne_firmwareqcn5024_firmwarexrv7209_firmwaresm8735p_firmwarenetworking_pro_600ipq5028snapdragon_ar1_gen_1_firmwareqxm1096srv1h_firmwarex1e80100qcn5122_firmwarexg101002_firmwareqca8080_firmwareqcn5152_firmwaresdx61qpa1083bd_firmwaresnapdragon_ar1\+_gen_1_firmwareqca8072_firmwarenetworking_pro_1610sm6475qipq6018_firmwaresnapdragon_7_gen_4_mobileqca8084qca6698aq_firmwareqcn5054snapdragon_8\+_gen_1_mobileqcn5154_firmwarewcn7760wcd9395iqx7181_firmwarekobuk_firmwareipq5312_firmwaresm7550p_firmwarecolognemilos_iotipq8076_firmwaresar1165pqca8085_firmwarenetworking_pro_1610_firmwareimmersive_home_214ipq6010_firmwareqca8082qcn9001wcd9375_firmwaresnapdragon_8_gen_2_mobile_firmwareiqx7181sm8635p_firmwaresm8550p_firmwaresm7635pqca8337_firmwareqpa1086bd_firmwaresm8635qca6595auqca6787aqsnapdragon_8_gen_1_mobile_firmwareimmersive_home_326sa9000psnapdragon_6_gen_1_mobile_firmwarex2000094qca8080xg101032qca6688aqsm6450pqcn9024wcd9385_firmwaresm8750pqln1086bdqcn6224qca6564au_firmwareqca9889wcn6755qmb715_firmwaresm7550pqcn9000_firmwarecq7790_firmwareimmersive_home_3210qcn6402qcn9100_firmwaresm7675pimmersive_home_216_firmwareqcn6412_firmwarewcn3988_firmwareqca6554asm6475pwcd9378cwcn7860_firmwareqcm6490_firmwareipq5300qmb415_firmwaresnapdragon_x65_5g_modem-rfsa8255p_firmwarewcd9390_firmwareipq6010sm8635psnapdragon_x72_5g_modem-rfqca8082_firmwaresnapdragon_7s_gen_3_mobile_firmwareqca8695auipq6018wsa8815_firmwareqca8084_firmwareimmersive_home_318wcd9380_firmwareqxm1094ipq9008qca6574au_firmwaresdx81sxr2230pmolokai_firmwarewcd9385ipq5010wsa8845wcn7880_firmwareSnapdragon
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2019-18840
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 78.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 12:58
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-57876
Matching Score-4
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-4
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.16%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized out-of-bounds writing vulnerability (onvif.cgi)

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25736
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.36%
||
7 Day CHG+0.01%
Published-19 Oct, 2022 | 00:00
Updated-09 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9340_firmwareqcs6125_firmwaresw5100pqcn6024qca6428wcd9385_firmwarewcn3988_firmwaremdm9615qca6431_firmwaremdm9215qcs610qam8295p_firmwareqcn9003qcs6125qca2064qca6428_firmwareqcn5024qcn5124qsm8250_firmwareipq8072a_firmwaresd778gipq5028sd460sd_8_gen1_5g_firmwarewcd9385wcn7850_firmwaresdx55m_firmwareipq5028_firmwaresd_8cx_gen3qca2066qrb5165n_firmwaresd845wcd9340qca2064_firmwareqsm8350qcn7606_firmwareqca8082ipq8074a_firmwaresd730_firmwaresd690_5gsd690_5g_firmwareqcn6122qca9980wcn7850sw5100p_firmwaresdx55msdx65_firmwarewcd9326wcn6851_firmwaresa415mmdm9628qcn9274sa8155qca6574_firmwaresd678_firmwareqca6595auipq4028_firmwaresm7250p_firmwaresd480_firmwareipq8071a_firmwareqcn6102qcn9011sa8150psd665qcn6112_firmwareqca8337_firmwareqca9994_firmwareipq6010wcn7851_firmwarewsa8835pmp8074wcn3990_firmwarear8035_firmwarecsra6640wcn6750ipq8071aqca6320_firmwaresa8195psdm630sa6150pqcn5122_firmwaresd768g_firmwareipq8076_firmwareqca6438_firmwaresm4125ipq8174_firmwaresd780g_firmwaresd865_5gipq8064qca6421_firmwareipq5018qca6574aqca6310_firmwareqcn9002_firmwaresd_675wcn3990sdxr2_5gwsa8810_firmwaresd670qca1062_firmwarewcd9335_firmwarewcn3998_firmwareqcs4290ipq6010_firmwarewsa8815qca2062qca6436_firmwaresd888_5gsa6155psa8155psdx55qca6335qca6564aqca6554a_firmwaresdx65ar9380wcn3991_firmwareqcn7605qca6564a_firmwareqcn9074wcd9360qca6391_firmwaresa4155pipq8072aqca2066_firmwareqca9889_firmwareqca6696_firmwarewcn6855sm6250qcn5154_firmwaresd710mdm8215_firmwareqcn6100_firmwaresd765wcn6750_firmwareqca6554acsrb31024_firmwaresd480ipq5010_firmwareipq8173_firmwaresa4150psd662_firmwaresd695sd850csra6640_firmwareipq8072_firmwareqcn5021_firmwareqca8386_firmwaresd845_firmwareipq6000qca1064qca2065qca6174asd660sxr2150pqca9888_firmwarecsr8811qca9984sdxr1_firmwareqcn6112sm8475qca4024_firmwareqca8081aqt1000_firmwarewcd9371_firmwareqcm2290_firmwareqcs605qca8085_firmwareqca9377qcn5164_firmwarewcn7851qcs4290_firmwareqcn6024_firmwaresa8155_firmwaremdm8215qca1062wcn6740qca8075qcn6122_firmwareipq8069qca6431sd730qcn5024_firmwaresa8145p_firmwareqca2062_firmwarewcn3910wcn3910_firmwareipq4029sd888wcd9380_firmwareipq5010qca4024ipq8070_firmwareqcn6023_firmwareqcn9022_firmwarewcn6740_firmwareqca8386qca9889wcd9370sa6155sd678qcn9070qca6574ausa6145pqcc5100_firmwarewsa8815_firmwareipq8078aqcn9000_firmwaresd680qcn5054wcn3950_firmwaresdxr2_5g_firmwaresd870ipq8174sw5100qcn5124_firmwareqca9377_firmwareqcn9070_firmwaresm7325pqca8081_firmwaremdm9310_firmwaresm4375qca6426_firmwaresa8150p_firmwaresd870_firmwareqcs405_firmwareipq8071wcn3950qcs2290_firmwaresa6155_firmwaremdm9607wcd9380qcm4290_firmwareipq4029_firmwareqca8082_firmwareqcs610_firmwareipq6018qcn9024_firmwareqcm4290wcd9326_firmwareqcm6125_firmwareqcn7606sm4125_firmwareqrb5165_firmwaresd662qcn9100sd675wcn3991qca6420_firmwaresd695_firmwaresd712qrb5165sm7325p_firmwareqca9888sa515m_firmwareqcn9022sd750gqcm6125qcn5022_firmwarewcd9341pmp8074_firmwareqcn5021qca9992qca6426qca6335_firmwareipq8078wsa8835_firmwareqcs2290qca6390sd750g_firmwareqca6696sd850_firmwarewcn3980wcd9360_firmwareqcx315_firmwarewcn6856_firmwareqca9898qcn9000qca9980_firmwareqsm8250ipq8070qcx315qca9990sc8180x\+sdx55_firmwareqcn9072sa6150p_firmwareqcs605_firmwaresd780gqcn5052_firmwarecsrb31024qca9994sd680_firmwareqcc5100qcn6100sa8295pqcn9001mdm9615_firmwaresdxr1sa4155p_firmwareqca6420qca6174a_firmwareqca8337qcn5122ipq8078a_firmwaresd_636ipq8076a_firmwaresd888_firmwarewcn3999sm7250pipq8070a_firmwareqcn5154ipq8074_firmwareipq8076asm6250pipq8076qca9992_firmwaresd_675_firmwareqca6430sd7c_firmwaresd675_firmwarewsa8810sd865_5g_firmwarecsr8811_firmwareqca2065_firmwarewcd9341_firmwarewcn6850ar8031qcn9011_firmwareipq4018sxr2150p_firmwaremdm9628_firmwareqrb5165m_firmwareipq5018_firmwareqca6574a_firmwarewcn3999_firmwaresd712_firmwareqca6595au_firmwareqcm2290sd460_firmwaresc8180x\+sdx55ipq8173sd720gqca9898_firmwaresa8295p_firmwaresd765g_firmwareqcn5152_firmwaresw5100_firmwareqca6390_firmwareqca6564au_firmwareqca6574qcn5054_firmwaresm7315_firmwarewcn3998wcd9335sd665_firmwareipq8069_firmwareqca6430_firmwareipq8071_firmwaresm6250_firmwareqca6438sa415m_firmwareqcs405qca6436sm6250p_firmwareaqt1000qca6421qcn7605_firmwareqca8072_firmwareqcn6023ipq6028qcm6490sa515msd7csd855_firmwaresdx50msd855wcn6856sdm630_firmwareqcs410_firmwareqcn9024qcn5164ipq4028qca8085qcn9003_firmwareqam8295pqcn6102_firmwareqcn9012qca6584wcn6855_firmwareipq6018_firmwareqcm6490_firmwareqrb5165nmdm9607_firmwaresm4375_firmwareqcn9012_firmwaresa4150p_firmwaresd720g_firmwaresd835_firmwaresd778g_firmwarewcd9371mdm9215_firmwareipq8074aqcs410qcn9001_firmwareqrb5165mipq8072qca6391qca6595csra6620sd_8cx_gen3_firmwaresd768gsd_8cx_gen2_firmwareqcn5052sd835sd710_firmwaresd670_firmwaresa6155p_firmwareqca6584auqca6584au_firmwareqca9984_firmwareqca8075_firmwareqcs6490_firmwaresa8195p_firmwareqca6574au_firmwarewcd9370_firmwareipq8074sa8155p_firmwareqcn5152sd888_5g_firmwareqca1064_firmwareqcn9002qca8084_firmwarewcd9375qca6310qcs603qcn9074_firmwarear8035wsa8830mdm9310qcn5022wcd9375_firmwarewcn3980_firmwaresd765_firmwaresd765gipq6028_firmwareqca6320qcs603_firmwareqca8072qca6595_firmwaresd_8cx_gen2wcn6850_firmwaresd660_firmwarewcn6851qsm8350_firmwareqcn9072_firmwareqca9990_firmwaresd_8cxipq8078_firmwaresm7315qca8084sd_455_firmwarear9380_firmwareqcs6490ar8031_firmwarewcn3988qca6564auwsa8830_firmwareqcn9100_firmwaresd_8cx_firmwaresdx55_firmwarecsra6620_firmwareipq9008_firmwareipq8070asd_455sd_636_firmwaresa8145pipq8064_firmwareqca6584_firmwareipq9008qcn6132_firmwareipq4018_firmwaresdx50m_firmwareqcn9274_firmwareqcn6132sa6145p_firmwareipq6000_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.45%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 14:20
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.

Action-Not Available
Vendor-ntopn/a
Product-ndpin/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-42877
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.41%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 02:14
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server

SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP Web Dispatcher, Internet Communication Manager and SAP Content Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-42940
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.37% / 29.04%
||
7 Day CHG+0.01%
Published-11 Nov, 2025 | 00:20
Updated-12 Nov, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption vulnerability in SAP CommonCryptoLib

SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availability. There is no impact on confidentiality or integrity.

Action-Not Available
Vendor-SAP SE
Product-SAP CommonCryptoLib
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-41679
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.63% / 45.90%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 09:31
Updated-06 Nov, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service

An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.

Action-Not Available
Vendor-mbconnectlineHelmholzMB connect line
Product-mbnet.minimbnet.mini_firmwarembNET.miniREX 100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18676
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.18% / 94.70%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 16:23
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSquid CacheCanonical Ltd.Fedora Project
Product-ubuntu_linuxdebian_linuxfedorasquidn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-41649
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.48%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 08:37
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches

An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.

Action-Not Available
Vendor-Weidmueller
Product-IE-SW-VL08MT-6TX-2STIE-SW-PL10MT-3GT-7TXIE-SW-PL18MT-2GC-16TXIE-SW-VL08MT-6TX-2SCSIE-SW-VL08MT-8TXIE-SW-PL16MT-16TXIE-SW-PL10M-3GT-7TXIE-SW-VL05MT-5TXIE-SW-PL16M-16TXIE-SW-VL08MT-6TX-2SCIE-SW-VL05M-5TXIE-SW-VL08MT-5TX-1SC-2SCSIE-SW-PL18M-2GC-16TX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-36532
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.26% / 66.00%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:30
Updated-09 Oct, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomszoomZoom Clients
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18298
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.82%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18299
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.82%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-54341
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.92%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 16:42
Updated-26 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dragonfly: RESTORE operations may crash the server

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command — a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.

Action-Not Available
Vendor-dragonflydb
Product-dragonfly
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-40796
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.44% / 35.53%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 08:48
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-user_management_componentsimatic_pcs_neoSIMATIC PCS neo V5.0SIMATIC PCS neo V6.0SIMATIC PCS neo V4.1User Management Component (UMC)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-40797
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.48% / 37.73%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 08:48
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-user_management_componentsimatic_pcs_neoSIMATIC PCS neo V5.0SIMATIC PCS neo V6.0SIMATIC PCS neo V4.1User Management Component (UMC)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-18291
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.82%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18290
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.82%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-25200
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 48.97%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 00:00
Updated-20 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.

Action-Not Available
Vendor-espruinon/a
Product-espruinon/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43539
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.26%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-10 Jan, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Firmware

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn6422ipq8070a_firmwarewcd9385_firmwareipq8070aipq6000qcf8001_firmwaresnapdragon_x75_5g_modem-rf_firmwareqcn9072_firmwaresnapdragon_x65_5g_modem-rf_firmwareqcn6132_firmwareqcc2076immersive_home_326_firmwaresnapdragon_8_gen_2_mobile_firmwareqcn6422_firmwareipq9574_firmwaresc8380xpwcd9395_firmwareqca6698aq_firmwarefastconnect_6900_firmwaresxr2230pqca8085qcf8000fastconnect_6900ipq8078aipq8071a_firmwareqcn9024_firmwaresdx55ipq9008qcn6122_firmwaresd865_5gqcn6432qam8775pqcn9274_firmwareqcn6132qcn9024ssg2115p_firmwareqca8085_firmwareqca6698aqipq6028_firmwareimmersive_home_3210qca8081_firmwarear8035_firmwareqcn6224_firmwareqcn9274snapdragon_x65_5g_modem-rfqcf8000_firmwareipq5332_firmwareipq6018_firmwareqcn9074qcn5022sc8380xp_firmwarecsr8811_firmwaresnapdragon_865\+_5g_mobileqcn6112qca8386ipq9570qca6696_firmwareqcn9013_firmwareqfw7124_firmwareqca6574aipq8076qcn9013qca6554a_firmwaresnapdragon_xr2_5gqca6574_firmwarefastconnect_7800ssg2125p_firmwareqam8255pqcn6024qca6595snapdragon_x75_5g_modem-rfwcn6740snapdragon_870_5g_mobilewcd9390qca6797aq_firmwareqcn6122wsa8810qca6426qcn6432_firmwaresnapdragon_ar2_gen_1sdx65mqca6595au_firmwareqcn9012_firmwarewsa8830_firmwareqcc710ipq6010qcc2076_firmwareqcn5024qca8337_firmwareqca6554aqcn5154_firmwaresnapdragon_865\+_5g_mobile_firmwareqca8084_firmwareqcn5122_firmwarewsa8810_firmwareipq8076_firmwaresdx65m_firmwareqcn5052ipq9008_firmwareqca8082_firmwarewcd9395immersive_home_326wsa8830qca8084sa7255pqcn6112_firmwareqca6564auqam8775p_firmwareqca6426_firmwareqca8081qca8075_firmwareqca6436ipq8078qcc2073fastconnect_6800ipq5302qcn6274wsa8815_firmwareimmersive_home_318ipq5332qca6595aufastconnect_7800_firmwareqcn9072qfw7114snapdragon_8\+_gen_2_mobile_firmwareqcn5164_firmwareipq8174sm8550p_firmwaressg2125psxr1230psnapdragon_865_5g_mobileqcn5052_firmwareqam8650pwcn6740_firmwareqca6574a_firmwaresnapdragon_8_gen_2_mobileqca4024ipq8173_firmwareipq8173qcn5154wcd9390_firmwareqca6436_firmwaressg2115pqcs8550qca6797aqwcd9385wcd9380qcn6412_firmwareqcn9100_firmwareqcn6402_firmwarewsa8815wsa8845ipq5312qam8650p_firmwareipq8078a_firmwareipq9554qcn5122qcn5152_firmwareqca6391qcn9070_firmwareipq5028qca6696qca9888_firmwareqca8075wsa8835qam8255p_firmwareqcf8001qcn9000snapdragon_8_gen_3_mobilesnapdragon_8_gen_3_mobile_firmwareqca6574auwcd9380_firmwaresnapdragon_ar2_gen_1_firmwarewsa8845hqcn9100qcn9012wsa8840ipq8076a_firmwareqcn9022qca0000immersive_home_316_firmwareimmersive_home_216qca6584auqca8386_firmwareipq5312_firmwaresnapdragon_870_5g_mobile_firmwarewcd9340sxr2230p_firmwareqcn9074_firmwareqca4024_firmwareqcn9022_firmwaresxr1230p_firmwareqca6584au_firmwareqcn6224ipq8078_firmwaresa7255p_firmwareipq6000_firmwarewsa8845h_firmwareqcc2073_firmwareipq8071aqcn5022_firmwareqcn6023_firmwareqfw7114_firmwarear8035qcn6402ipq5028_firmwareqcn9070sg8275pimmersive_home_214_firmwareipq8076aipq5010sg8275p_firmwareqcn5024_firmwareipq5302_firmwareipq8174_firmwaresnapdragon_8_gen_1_mobileqca6564au_firmwareipq6018qcn5152qcn6023immersive_home_214sm8550pipq8072aqca9889_firmwareimmersive_home_3210_firmwaresnapdragon_8_gen_1_mobile_firmwareqcm8550_firmwareqcn6024_firmwarewsa8845_firmwareqfw7124snapdragon_865_5g_mobile_firmwarewsa8832_firmwaresdx55_firmwareipq8072a_firmwareipq5010_firmwareipq9554_firmwareipq6028qcc710_firmwarewcd9340_firmwareqca8082qca9888ipq8074a_firmwareimmersive_home_216_firmwarewsa8832csr8811qcn5164qca6391_firmwareqca6595_firmwareqcn5124fastconnect_6800_firmwareqca6574au_firmwareqca8337immersive_home_318_firmwaresd865_5g_firmwareipq9570_firmwaresd_8_gen1_5gimmersive_home_316qcs8550_firmwareqca0000_firmwareqca6574qcn5124_firmwaresd_8_gen1_5g_firmwaresnapdragon_8\+_gen_2_mobileipq9574qca9889snapdragon_xr2_5g_firmwareqcm8550wsa8835_firmwareipq8074awsa8840_firmwareqcn6274_firmwareqcn6412ipq6010_firmwareqcn9000_firmwareSnapdragonqcn6412_firmwareqca6574a_firmwarewsa8832_firmwareqcn5124_firmwareqcn9024_firmwareqcn9070_firmwarewsa8835_firmwareqcn6422_firmwarecsr8811_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareipq8076a_firmwareqcn9022_firmwareipq8076_firmwareipq8074a_firmwareqcn6224_firmwareqca8386_firmwareqcn5164_firmwareqcn5052_firmwareimmersive_home_3210_platform_firmwareqca6698aq_firmwareqca8081_firmwareqcn6402_firmwarewcd9385_firmwarefastconnect_7800_firmwarewsa8845h_firmwareqcm8550_firmwareipq8078_firmwaressg2125p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqca6436_firmwareipq8070a_firmwareqca6595_firmwareipq5302_firmwareqca0000_firmwareqcn5152_firmwareqam8650p_firmwareqcn6274_firmwaresa7255p_firmwareqcn6432_firmwareimmersive_home_316_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwareqcc2073_firmwareqca9889_firmwareipq8173_firmwareqcn9012_firmwareipq6018_firmwareqcn9100_firmwareipq9554_firmwarewcd9340_firmwarear8035_firmwareqca8084_firmwarefastconnect_6800_firmwareqcn5022_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8845_firmwareqcf8001_firmwareqcc710_firmwareqca8075_firmwareqca6574au_firmwareqcf8000_firmwareqcn9274_firmwareipq8071a_firmwareqcn9074_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwareqcn5122_firmwareqcs8550_firmwareipq5312_firmwaresdx65m_firmwareqca6564au_firmwareqca4024_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9000_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareimmersive_home_318_platform_firmwareqcn9013_firmwareqca8337_firmwareipq6000_firmwareqcn5154_firmwareqca6595au_firmwarewcd9390_firmwaresm8550p_firmwareqca6554a_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwareipq8078a_firmwarewcd9395_firmwaresxr1230p_firmwareqcn9072_firmwareqfw7124_firmwareqca6391_firmwareqcc2076_firmwareipq8174_firmwareipq6010_firmwarefastconnect_6900_firmwarewsa8840_firmwareqca9888_firmwarewcd9380_firmwareqca6584au_firmwareqam8775p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwareimmersive_home_216_platform_firmwareipq9008_firmwareqfw7114_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwareqca8085_firmwaresxr2230p_firmwaressg2115p_firmwareqca6574_firmwaresg8275p_firmwareqcn6112_firmwareqcn6023_firmwareipq5028_firmwareipq6028_firmwarewsa8815_firmwareipq8072a_firmwareipq9574_firmwareqca6797aq_firmwareipq5010_firmwaresd865_5g_firmwareqca6426_firmwaresc8380xp_firmwaresdx55_firmwareqca8082_firmwareipq5332_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwareqcn6132_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-37178
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 24.27%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 20:08
Updated-23 Jan, 2026 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaosArubaOS (AOS)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-18307
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.40% / 82.02%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-5437
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.64% / 46.28%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 14:44
Updated-15 Apr, 2026 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-Bounds Read in DicomStreamReader

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

Action-Not Available
Vendor-orthanc-serverOrthanc
Product-orthancDICOM Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-35995
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.36% / 27.77%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 22:04
Updated-29 Sep, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP PEM vulnerability

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_policy_enforcement_managerBIG-IP
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-18292
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.40% / 82.02%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32906
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.79% / 51.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 13:58
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-32396
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.95%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 07:05
Updated-13 May, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.

Action-Not Available
Vendor-rt-labsRT-Labs
Product-p-netP-Net
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5172
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.3||HIGH
EPSS-0.93% / 56.37%
||
7 Day CHG+0.29%
Published-11 May, 2026 | 16:48
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-5172

A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.

Action-Not Available
Vendor-dnsmasqRed Hat, Inc.
Product-dnsmasqRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1789
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.49% / 71.02%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 18:25
Updated-19 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV Denial of Service Vulnerability

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-32405
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.58%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 07:05
Updated-13 May, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.

Action-Not Available
Vendor-rt-labsRT-Labs
Product-p-netP-Net
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32397
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.95%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 07:05
Updated-13 May, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.

Action-Not Available
Vendor-rt-labsRT-Labs
Product-p-netP-Net
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32402
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.42%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 07:05
Updated-13 May, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.

Action-Not Available
Vendor-rt-labsRT-Labs
Product-p-netP-Net
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32415
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.53% / 40.72%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-32400
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.95%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 07:05
Updated-13 May, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.

Action-Not Available
Vendor-rt-labsRT-Labs
Product-p-netP-Net
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.59% / 43.90%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 00:00
Updated-17 Sep, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_850_firmwareexynos_9820_firmwareexynos_980_firmwareexynos_1330exynos_auto_t5123exynos_9610exynos_1330_firmwareexynos_9810_firmwareexynos_2100exynos_9110exynos_980exynos_modem_5300_firmwareexynos_2200_firmwareexynos_9820exynos_modem_5123_firmwareexynos_9810exynos_9110_firmwareexynos_1280exynos_850exynos_1080exynos_2200exynos_w920_firmwareexynos_w920exynos_auto_t5123_firmwareexynos_1080_firmwareexynos_2100_firmwareexynos_1280_firmwareexynos_modem_5300exynos_1380_firmwareexynos_9610_firmwareexynos_modem_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25669
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.27%
||
7 Day CHG+0.01%
Published-16 Sep, 2022 | 05:25
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm6250p_firmwareqcs610wcn3950_firmwareqca6595au_firmwaresa6155qca6335csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwarewcn3998wcd9371_firmwarewcn3950sm4125mdm9628sd720gmdm9206_firmwaresd_8_gen1_5g_firmwarewcn3660bsd710_firmwaresd460_firmwareqca4020sm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwarewcn3998_firmwaresa6155_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwaresm7450_firmwaresd680_firmwareqca9367_firmwarewcn3999sa8155_firmwaresd662_firmwareqcs405qca6430wcd9340qualcomm215_firmwaresd765gsw5100qca4020_firmwareqca6436sd680sa6155pwcn6851qcs603_firmwarewcn7851_firmwaremdm9250_firmwarewcd9341qca6696_firmwarewcd9371sd750gsd870_firmwarewcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475wcn6750_firmwarewcn3610wcn3991wcd9380_firmwaresdm429wmsm8996au_firmwaresw5100pwcd9330qca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574wcd9380qualcomm215qcs410sd690_5g_firmwaresdx50m_firmwareqca9379_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sd439_firmwareqca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320mdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835wcn3980_firmwaresd730wcd9330_firmwaresdx55msm8475_firmwarewcn6740_firmwaremsm8953sd678_firmwarear8031_firmwarewcn3680_firmwarewcn6851_firmwareqcs603sd_636_firmwaresd670qca6564a_firmwareapq8009wqcm4290_firmwaresd480sd870wcn6855wsa8832sw5100p_firmwareqcs610_firmwaresa6145psdxr1apq8096auar8031qcs405_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareapq8053sa8155pcsra6640sd675sd439sm8475p_firmwareqca9379wcn3991_firmwarewsa8830sd678mdm9628_firmwaremdm9650sd_636csra6620qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6564qca6426wcn3990_firmwareqca9377sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662sa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwareqca6595auwcn3615wcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqca6564au_firmwaresd778gsa6155p_firmwareqca6310wcn7851qcs6490sd429sdxr2_5gqca9367mdm9607_firmwarewcn3988_firmwaresa6145p_firmwaresd429_firmwaresm6250sd778g_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000sm6250_firmwaremsm8953_firmwarewcn3620_firmwaresdx20_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn3620wsa8835_firmwarewsa8815_firmwaresm7450qca6564awcn3990sd_675sd780gsd865_5gsd888msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd888_5gsm6250pqca6574amdm9206wcn6855_firmwareqca6174asm7325pqca6310_firmwarewcn6750qca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd765qca6574a_firmwaresd768g_firmwaresm7315apq8009qca6391sd460sdxr1_firmwareaqt1000_firmwaremdm9626qcm4290qcm6490_firmwaresdx50mwsa8832_firmwaresdx20sd480_firmwaremdm9626_firmwareqca6574ausa8155p_firmwaresd710mdm9607wcd9341_firmwarewsa8810wcn6856wcn3680bsd835_firmwareqca6564_firmwaresd768gwcn6740qca6696sd845_firmwaresdw2500apq8096au_firmwaresd845sm7250psd720g_firmwaresw5100_firmwareqcs410_firmwaresm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30176
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.53% / 40.98%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-03 Oct, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-totally_integrated_automation_portaluser_management_componentsinec_nmssimatic_pcs_neosinema_remote_connectTotally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V4.1Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V20SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18SINEMA Remote ConnectSIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 27
  • 28
  • Next
Details not found