Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-58013

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-30 Jun, 2026 | 12:57
Updated At-30 Jun, 2026 | 15:58
Rejected At-
Credits

Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:30 Jun, 2026 | 12:57
Updated At:30 Jun, 2026 | 15:58
Rejected At:
â–¼CVE Numbering Authority (CNA)
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

Affected Products
Vendor
The GNOME ProjectGNOME
Product
GLib
Collection URL
https://gitlab.gnome.org/GNOME/glib/
Package Name
GLib
Default Status
unaffected
Versions
Affected
  • From 0 before 2.88.1 (semver)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
mingw-glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
mingw-glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
mingw-glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Hardened Images
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/a:redhat:hummingbird:1
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-126Buffer Over-read
Type: CWE
CWE ID: CWE-126
Description: Buffer Over-read
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

To mitigate this vulnerability, restrict any custom line terminator string passed to g_io_channel_set_line_term() to a maximum length of one byte before calling g_io_channel_read_line_backend(). Using the default line terminators will completely neutralize this issue.

Exploits

Credits

Red Hat would like to thank linhlhq for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-06-24 16:49:18
Made public.2026-04-03 00:00:00
Event: Reported to Red Hat.
Date: 2026-06-24 16:49:18
Event: Made public.
Date: 2026-04-03 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-58013
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2492248
issue-tracking
x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3925
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-58013
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2492248
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://gitlab.gnome.org/GNOME/glib/-/issues/3925
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:30 Jun, 2026 | 13:19
Updated At:02 Jul, 2026 | 19:29

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Primary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Type: Primary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

The GNOME Project
gnome
>>glib>>Versions before 2.88.1(exclusive)
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>10.0
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-126Secondarysecalert@redhat.com
CWE ID: CWE-126
Type: Secondary
Source: secalert@redhat.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2026-58013secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2492248secalert@redhat.com
Issue Tracking
Third Party Advisory
https://gitlab.gnome.org/GNOME/glib/-/issues/3925secalert@redhat.com
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-58013
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2492248
Source: secalert@redhat.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://gitlab.gnome.org/GNOME/glib/-/issues/3925
Source: secalert@redhat.com
Resource:
Exploit
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

45Records found

CVE-2026-58010
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.09%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-58012
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.09%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-5260
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.73% / 49.66%
||
7 Day CHG+0.06%
Published-26 May, 2026 | 21:29
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: gnutls: information disclosure via heap overread in rsa key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8
CWE ID-CWE-126
Buffer Over-read
CVE-2026-4371
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.4||HIGH
EPSS-0.36% / 28.07%
||
7 Day CHG+0.07%
Published-24 Mar, 2026 | 20:27
Updated-30 Jun, 2026 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds read in IMAP parsing

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-thunderbirdThunderbirdRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2025-32052
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 43.23%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 13:37
Updated-30 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: heap buffer overflow in sniff_unknown()

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2025-32053
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 43.02%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 13:37
Updated-30 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()

A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-6104
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-6.3||MEDIUM
EPSS-0.47% / 37.22%
||
7 Day CHG+0.03%
Published-10 May, 2026 | 04:35
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when strncasecmp() returns 0 it means the strings have the same length. This can lead to out-of-bounds read of global memory, potentially causing a crash or information disclosure or crash. Affected functions include mb_convert_encoding(), mb_detect_encoding(), mb_convert_variables(), and mb_detect_order(), as well as the mbstring.detect_order and mbstring.http_output INI settings.

Action-Not Available
Vendor-Red Hat, Inc.The PHP Group
Product-phpPHPRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-49759
Matching Score-8
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-8
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-8.8||HIGH
EPSS-0.50% / 38.99%
||
7 Day CHG+0.04%
Published-10 Jun, 2026 | 14:35
Updated-01 Jul, 2026 | 04:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service. A crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.

Action-Not Available
Vendor-erlangErlangRed Hat, Inc.
Product-ertserlang\/otpOTPRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-41604
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.2||HIGH
EPSS-0.95% / 57.05%
||
7 Day CHG+0.37%
Published-28 Apr, 2026 | 09:20
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Swift Range crash in skip()

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift GitOpsRed Hat AI Inference ServerRed Hat OpenShift distributed tracing 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-41607
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 57.43%
||
7 Day CHG+0.45%
Published-28 Apr, 2026 | 09:21
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: C++ JSON OOB read

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift GitOpsRed Hat AI Inference ServerRed Hat OpenShift distributed tracing 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-39979
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.56% / 42.46%
||
7 Day CHG+0.25%
Published-13 Apr, 2026 | 22:18
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL terminator is found rather than respecting the caller-supplied length. This means that when malformed JSON is passed in a non-NUL-terminated buffer, the error construction logic performs an out-of-bounds read past the end of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() with untrusted input, and depending on memory layout, can result in memory disclosure or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f.

Action-Not Available
Vendor-jqlangjqlangRed Hat, Inc.
Product-jqjqRed Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat AI Inference Server 3.3Red Hat Enterprise Linux CRB (v. 8)Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux BaseOS (v. 10)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Ceph Storage 4Red Hat OpenShift Container Platform 4.13Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRed Hat CodeReady Linux Builder EUS (v.9.6)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-3497
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-2.7||LOW
EPSS-2.18% / 80.16%
||
7 Day CHG+0.22%
Published-12 Mar, 2026 | 18:27
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.

Action-Not Available
Vendor-Canonical Ltd.UbuntuDebian GNU/LinuxOpenBSDRed Hat, Inc.
Product-opensshdebian_linuxenterprise_linuxubuntu_linuxopensshRed Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux BaseOS (v. 10)Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux BaseOS AUS (v.8.4)Middleware Containers for OpenShiftOpenShift PipelinesRed Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux BaseOS (v. 8)Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Multicluster Engine for KubernetesRed Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-824
Access of Uninitialized Pointer
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-35091
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.87% / 54.30%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 13:18
Updated-29 May, 2026 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Corosync: corosync: denial of service and information disclosure via crafted udp packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents

Action-Not Available
Vendor-corosyncRed Hat, Inc.
Product-enterprise_linuxopenshiftcorosyncRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
CWE ID-CWE-253
Incorrect Check of Function Return Value
CVE-2026-34045
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.47% / 37.59%
||
7 Day CHG+0.11%
Published-07 Apr, 2026 | 20:52
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Podman Desktop WebView Server Exposed

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2.

Action-Not Available
Vendor-podman-desktopThe Linux FoundationRed Hat, Inc.
Product-podman_desktoppodman-desktopRed Hat Build of Podman DesktopRed Hat Build of Podman Desktop - Tech PreviewRed Hat Enterprise Linux 10Red Hat Enterprise Linux Extensions Channel (v. 10)
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-4024
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.06% / 60.31%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 19:48
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

Action-Not Available
Vendor-podman_projectn/aRed Hat, Inc.Fedora Project
Product-podmanfedoraenterprise_linuxpodman
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-346
Origin Validation Error
CVE-2026-25794
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.42% / 33.81%
||
7 Day CHG+0.08%
Published-24 Feb, 2026 | 00:53
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions

ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-2369
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 33.79%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 14:20
Updated-28 Apr, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-libsoupRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2017-10243
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-2.86% / 85.05%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).

Action-Not Available
Vendor-Oracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-jrockitdebian_linuxjreenterprise_linux_server_tusoncommand_performance_managerenterprise_linux_desktopstorage_replication_adapter_for_clustered_data_ontaponcommand_balancevasa_provider_for_clustered_data_ontapplug-in_for_symantec_netbackuponcommand_unified_managersteelstore_cloud_integrated_storageoncommand_insightenterprise_linux_server_ausactive_iq_unified_managersnapmanagersatellitejdkenterprise_linux_serverenterprise_linux_workstationoncommand_shiftvirtual_storage_consolee-series_santricity_storage_managerenterprise_linux_euscloud_backupe-series_santricity_os_controllerelement_softwareJava
CVE-2021-3482
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.30% / 81.15%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 22:06
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

Action-Not Available
Vendor-n/aExiv2Fedora ProjectRed Hat, Inc.Debian GNU/Linux
Product-exiv2debian_linuxfedoraenterprise_linuxexiv2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-69534
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.84%
||
7 Day CHG+0.10%
Published-05 Mar, 2026 | 00:00
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.

Action-Not Available
Vendor-python-markdownn/aRed Hat, Inc.
Product-markdownn/aRed Hat Developer Hub 1.9Red Hat OpenShift AI (RHOAI)Multicluster Engine for KubernetesRed Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat OpenShift Container Platform 4Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6.16 for RHEL 9Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat OpenShift AI 2.25Red Hat Satellite 6.18 for RHEL 9Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat OpenShift Dev SpacesRed Hat Satellite 6External Secrets Operator for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Enterprise Linux 8Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-617
Reachable Assertion
CVE-2023-1668
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-1.22% / 64.89%
||
7 Day CHG~0.00%
Published-10 Apr, 2023 | 00:00
Updated-23 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Action-Not Available
Vendor-cloudbasen/aDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxvirtualizationfast_datapathopenshift_container_platformenterprise_linuxopen_vswitchopenstack_platformopenvswitch
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2025-4969
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.73% / 49.73%
||
7 Day CHG+0.01%
Published-21 May, 2025 | 01:44
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-19624
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.74% / 74.99%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 14:26
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.

Action-Not Available
Vendor-opencvn/aRed Hat, Inc.
Product-opencventerprise_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-25646
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.95% / 57.06%
||
7 Day CHG+0.02%
Published-10 Feb, 2026 | 17:04
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LIBPNG has a heap buffer overflow in png_set_quantize

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Action-Not Available
Vendor-libpngpnggroupRed Hat, Inc.
Product-libpnglibpngRed Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat build of OpenJDK 21Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat OpenJDK 11 ELS for RHEL 9Red Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Ceph Storage 8Red Hat OpenJDK 11 ELS for RHEL 7Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)OPENJDK ELS 11.0.31Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat OpenShift Container Platform 4.18Red Hat build of OpenJDK 25Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Discovery 2Red Hat build of OpenJDK 1.8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat OpenJDK 11 ELS for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux 8Red Hat Build of OpenJDK 17.0.9Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2024-31081
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.51% / 39.92%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 13:48
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.2 Update Services for SAP Solutions
CWE ID-CWE-126
Buffer Over-read
CVE-2024-31080
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.51% / 39.92%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 13:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.2 Update Services for SAP Solutions
CWE ID-CWE-126
Buffer Over-read
CVE-2019-11036
Matching Score-6
Assigner-PHP Group
ShareView Details
Matching Score-6
Assigner-PHP Group
CVSS Score-4.8||MEDIUM
EPSS-7.03% / 93.40%
||
7 Day CHG+0.19%
Published-03 May, 2019 | 19:28
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap over-read in PHP EXIF extension

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.The PHP GroupCanonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxphpdebian_linuxsoftware_collectionsfedoraleapPHP
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-44185
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.3||HIGH
EPSS-0.60% / 44.30%
||
7 Day CHG+0.15%
Published-08 Jun, 2026 | 15:22
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-http_serverApache HTTP ServerRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream (v. 10)Red Hat Hardened Images
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2026-28364
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.9||HIGH
EPSS-0.21% / 11.24%
||
7 Day CHG+0.03%
Published-27 Feb, 2026 | 03:54
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

Action-Not Available
Vendor-ocamlOCamlRed Hat, Inc.
Product-ocamlOCamlRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2017-7668
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-57.47% / 98.96%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

Action-Not Available
Vendor-Apple Inc.Oracle CorporationThe Apache Software FoundationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-enterprise_linux_eusdebian_linuxenterprise_linux_serverenterprise_linux_workstationmac_os_xenterprise_linux_server_tusenterprise_linux_desktopclustered_data_ontapsecure_global_desktopenterprise_linux_server_ausoncommand_unified_managerstoragegridhttp_serverApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2026-11787
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.18% / 7.41%
||
7 Day CHG-0.03%
Published-09 Jun, 2026 | 13:02
Updated-30 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing

A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.

Action-Not Available
Vendor-Red Hat, Inc.
Product-directory_server389_directory_serverenterprise_linuxRed Hat Directory Server 11Red Hat Directory Server 13Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Directory Server 12
CWE ID-CWE-126
Buffer Over-read
CVE-2024-31082
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.34% / 25.77%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 13:48
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-126
Buffer Over-read
CVE-2026-6238
Matching Score-4
Assigner-GNU C Library
ShareView Details
Matching Score-4
Assigner-GNU C Library
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.90%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 16:43
Updated-19 Jun, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overread in ns_printrrf with corrupted RDATA field

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

Action-Not Available
Vendor-The GNU C LibraryGNU
Product-glibcglibc
CWE ID-CWE-126
Buffer Over-read
CVE-2024-21458
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.61%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 14:17
Updated-01 Aug, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN HOST

Information disclosure while handling SA query action frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqam8255p_firmwareqcn9070qca8337qam8650pqfw7124ipq8173_firmwareqam8775pqcf8001qamsrv1mqcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386immersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwareipq6000qcn5152_firmwareqca0000_firmwareqca6584au_firmwareqcn9000_firmwareipq9554qamsrv1hqca6554a_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqamsrv1h_firmwareqca8386_firmwareqcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn6412qcn5124_firmwareqca8082_firmwaresa9000p_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwareqca6595auqca8081_firmwareqcn6023_firmwareqfw7114sa7255psdx55_firmwareipq5010qca6564au_firmwareqca6584ausa8620p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqcn9274qca6678aq_firmwaresnapdragon_x72_5g_modem-rf_systemsa8775p_firmwareipq8174ipq5028qca6698aqqcn5052qca0000qcf8001_firmwareipq6010qcn6112_firmwareqcn9074srv1hqca8085sa7775p_firmwaresdx65mwcd9340qcn6132qcn6224sa8255p_firmwaresnapdragon_x75_5g_modem-rf_systemqca8081qcf8000qca6698aq_firmwareipq8071aqcn6023sa7775psdx65m_firmwareipq5312ipq8071a_firmwaresnapdragon_auto_5g_modem-rf_gen_2immersive_home_3210_platformqca8085_firmwareipq5300qam8775p_firmwareqca9888_firmwareqcn6122qca6696_firmwaresa8255psa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq9008_firmwareipq9570qcn5154_firmwarear8035csr8811qcc710_firmwareqcn9100_firmwareipq5010_firmwareipq8074a_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwaresa8770pqca8337_firmwareqcn9000ipq8072aqcf8000_firmwareqca6554aipq8076a_firmwareqca6595ipq8078qca6564auqca8084ipq8173ipq9008qcn5164immersive_home_326_platform_firmwareqcn6122_firmwareqca6574qcn6402_firmwarecsr8811_firmwareqcn6274qcn6422ipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqcn5154qca8075_firmwareqca6574aqcn5024qca9889qcn6132_firmwareqca9888qcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqfw7114_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwaresa8650pqca6574_firmwaresa9000pwcd9340_firmwareqcn6112ipq8076qca6574a_firmwareqcn5152ipq6028sa8775pqcn9024ipq9574_firmwareimmersive_home_3210_platform_firmwareipq5302fastconnect_7800qcn9100qcn6274_firmwareqca6678aqsnapdragon_x65_5g_modem-rf_systemipq5300_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6432_firmwareipq5312_firmwareqca6574auqca9889_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwaresa7255p_firmwarefastconnect_7800_firmwaresa8620pqcn6412_firmwareipq5332_firmwareipq5332ipq5302_firmwareimmersive_home_326_platformqamsrv1m_firmwareipq6018qcn5022srv1m_firmwareqam8650p_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6595_firmwareqca6696immersive_home_214_platform_firmwareqca4024sdx55qca8075qcn6402qcn9022_firmwareqcn6024qcn9022qcc2076ipq8070aqcn9072_firmwareipq6000_firmwaresrv1mqcn9074_firmwareqfw7124_firmwareqam8255pqcc2073qcn6432ar8035_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwareqca8337_firmwareqcf8000_firmwareipq8076a_firmwareipq8173_firmwareqcn6224_firmwareqca4024_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareqcn6402_firmwareimmersive_home_318_platform_firmwarecsr8811_firmwareipq5028_firmwareqca6595au_firmwareipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqca8075_firmwareqcn5152_firmwareqca0000_firmwareqcn6132_firmwareqca6584au_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqca6554a_firmwareqfw7114_firmwareqcn6024_firmwareqca8386_firmwareqcc2073_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwareqca8084_firmwarewcd9340_firmwareqcn5124_firmwareqca8082_firmwaresa9000p_firmwareqca6574a_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwareimmersive_home_3210_platform_firmwareqca6564au_firmwaresa8620p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwareipq5300_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcf8001_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6112_firmwareqcn6432_firmwareipq5312_firmwareqca9889_firmwaresa7775p_firmwareqcn9024_firmwareipq8174_firmwaresa7255p_firmwarefastconnect_7800_firmwaresa8255p_firmwareqcn6412_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareipq8071a_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq6010_firmwareqca6696_firmwareqca6595_firmwareipq9008_firmwareqcn5154_firmwareimmersive_home_214_platform_firmwareqcc710_firmwareqcn9100_firmwareqcn9022_firmwareipq5010_firmwareipq8074a_firmwareqcn9072_firmwareipq6000_firmwareqcn9074_firmwareqcn5022_firmwareqfw7124_firmwareimmersive_home_216_platform_firmwarear8035_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21457
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.61%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 14:17
Updated-01 Aug, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Host Communication

INformation disclosure while handling Multi-link IE in beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqam8255p_firmwareqcn9070qca8337qam8650pqfw7124ipq8173_firmwareqam8775pqcf8001qamsrv1mqcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386immersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwareipq6000qcn5152_firmwareqca0000_firmwareqca6584au_firmwareqcn9000_firmwareipq9554qamsrv1hqca6554a_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqamsrv1h_firmwareqca8386_firmwareqcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn6412qcn5124_firmwareqca8082_firmwaresa9000p_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwareqca6595auqca8081_firmwareqcn6023_firmwareqfw7114sa7255psdx55_firmwareipq5010qca6564au_firmwareqca6584ausa8620p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqcn9274qca6678aq_firmwaresnapdragon_x72_5g_modem-rf_systemsa8775p_firmwareipq8174ipq5028qca6698aqqcn5052qca0000qcf8001_firmwareipq6010qcn6112_firmwareqcn9074srv1hqca8085sa7775p_firmwaresdx65mwcd9340qcn6132qcn6224sa8255p_firmwaresnapdragon_x75_5g_modem-rf_systemqca8081qcf8000qca6698aq_firmwareipq8071aqcn6023sa7775psdx65m_firmwareipq5312ipq8071a_firmwaresnapdragon_auto_5g_modem-rf_gen_2immersive_home_3210_platformqca8085_firmwareipq5300qam8775p_firmwareqca9888_firmwareqcn6122qca6696_firmwaresa8255psa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq9008_firmwareipq9570qcn5154_firmwarear8035csr8811qcc710_firmwareqcn9100_firmwareipq5010_firmwareipq8074a_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwaresa8770pqca8337_firmwareqcn9000ipq8072aqcf8000_firmwareqca6554aipq8076a_firmwareqca6595ipq8078qca6564auqca8084ipq8173ipq9008qcn5164immersive_home_326_platform_firmwareqcn6122_firmwareqca6574qcn6402_firmwarecsr8811_firmwareqcn6274qcn6422ipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqcn5154qca8075_firmwareqca6574aqcn5024qca9889qcn6132_firmwareqca9888qcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqfw7114_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwaresa8650pqca6574_firmwaresa9000pwcd9340_firmwareqcn6112ipq8076qca6574a_firmwareqcn5152ipq6028sa8775pqcn9024ipq9574_firmwareimmersive_home_3210_platform_firmwareipq5302fastconnect_7800qcn9100qcn6274_firmwareqca6678aqsnapdragon_x65_5g_modem-rf_systemipq5300_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6432_firmwareipq5312_firmwareqca6574auqca9889_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwaresa7255p_firmwarefastconnect_7800_firmwaresa8620pqcn6412_firmwareipq5332_firmwareipq5332ipq5302_firmwareimmersive_home_326_platformqamsrv1m_firmwareipq6018qcn5022srv1m_firmwareqam8650p_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6595_firmwareqca6696immersive_home_214_platform_firmwareqca4024sdx55qca8075qcn6402qcn9022_firmwareqcn6024qcn9022qcc2076ipq8070aqcn9072_firmwareipq6000_firmwaresrv1mqcn9074_firmwareqfw7124_firmwareqam8255pqcc2073qcn6432ar8035_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwareqca8337_firmwareqcf8000_firmwareipq8076a_firmwareipq8173_firmwareqcn6224_firmwareqca4024_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareqcn6402_firmwareimmersive_home_318_platform_firmwarecsr8811_firmwareipq5028_firmwareqca6595au_firmwareipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqca8075_firmwareqcn5152_firmwareqca0000_firmwareqcn6132_firmwareqca6584au_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqca6554a_firmwareqfw7114_firmwareqcn6024_firmwareqca8386_firmwareqcc2073_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwareqca8084_firmwarewcd9340_firmwareqcn5124_firmwareqca8082_firmwaresa9000p_firmwareqca6574a_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwareimmersive_home_3210_platform_firmwareqca6564au_firmwaresa8620p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwareipq5300_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcf8001_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6112_firmwareqcn6432_firmwareipq5312_firmwareqca9889_firmwaresa7775p_firmwareqcn9024_firmwareipq8174_firmwaresa7255p_firmwarefastconnect_7800_firmwaresa8255p_firmwareqcn6412_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareipq8071a_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq6010_firmwareqca6696_firmwareqca6595_firmwareipq9008_firmwareqcn5154_firmwareimmersive_home_214_platform_firmwareqcc710_firmwareqcn9100_firmwareqcn9022_firmwareipq5010_firmwareipq8074a_firmwareqcn9072_firmwareipq6000_firmwareqcn9074_firmwareqcn5022_firmwareqfw7124_firmwareimmersive_home_216_platform_firmwarear8035_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21467
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.66%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-26 Nov, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Host Communication

Information disclosure while handling beacon probe frame during scan entry generation in client side.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwareipq8173_firmwareqca6431_firmwareqcf8001qam8775pqamsrv1mqcn5124qca4024_firmwareimmersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwareqca6554a_firmwareqcn6024_firmwareqca8386_firmwareipq8076aimmersive_home_316_platform_firmwareqca8084_firmwareqcn6412qcn5164_firmwareqca6574au_firmwareqcn6422_firmwareqca8081_firmwareipq8078a_firmwareqca6678aq_firmwareipq5028sa4155p_firmwareqca6698aqqcf8001_firmwareqca0000ipq6010sdx65msa7775p_firmwareqcn6432snapdragon_870_5g_mobile_platform_\(sm8250-ac\)qcn6132sw5100qca6436sa6155pqcf8000qca6698aq_firmwareipq5312snapdragon_auto_5g_modem-rf_gen_2_firmwareqcn6122sa8255pqca9888_firmwareqam8775p_firmwareqca6431qca6696_firmwareipq9008_firmwareqcn5154_firmwarewsa8830_firmwarewcn3988sa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwaresa8770pwcd9380_firmwareipq8072asw5100pipq8076a_firmwaresnapdragon_w5\+_gen_1_wearable_platformqca8084qca6564auipq8078ipq8173ipq9008qcn5164snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwareqca6574qcn6402_firmwarecsr8811_firmwarewcd9380ipq9554_firmwareqcn5024wcn3980qcn5052_firmwareqcn9274_firmwareqcc2073_firmwareipq6018_firmwarewsa8815qcn6112qca6426_firmwareipq6028qcn9024ipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq5302qca6421_firmwaresnapdragon_x65_5g_modem-rf_systemqca6678aqsa8650p_firmwareipq8078_firmwarefastconnect_6900snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)fastconnect_6900_firmwareqcn9024_firmwaresa7255p_firmwareipq8174_firmwaresa8620pqcn6412_firmwaresw5100p_firmwareipq5332ipq5302_firmwareqamsrv1m_firmwareimmersive_home_326_platformipq6018immersive_home_214_platformqca6595_firmwareqca6391_firmwaresa4150p_firmwareimmersive_home_214_platform_firmwareqca4024sdx55qcn6402sa8155psrv1mqam8255psa4155pqcn5024_firmwarewsa8830qcn9070qam8650psnapdragon_865_5g_mobile_platformqcn9072qca8082qca8386ipq6000qcn5152_firmwareqca0000_firmwareqca6426qca6584au_firmwareqcn9000_firmwareqamsrv1hipq9554wcd9385_firmwareimmersive_home_216_platformimmersive_home_316_platformqamsrv1h_firmwareipq8074aimmersive_home_318_platformqcn5124_firmwaresa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemqca8082_firmwaresdx55_firmwaresa7255pqcn5122_firmwareqca6595auqcn6023_firmwareqca6436_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwareipq5010qca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcn9274sa8775p_firmwareipq8174qcn5052qcn6112_firmwarewcn3988_firmwareqcn9074srv1hqca8085qca6421sa8195pwsa8810_firmwaresa8255p_firmwareqca8081snapdragon_auto_5g_modem-rf_gen_2qcn6023sdx65m_firmwaresa7775pipq8071aipq8071a_firmwareimmersive_home_3210_platformwcd9385sa8770p_firmwareqca8085_firmwareipq5300ipq9570csr8811qcn9100_firmwareipq5010_firmwarewsa8815_firmwareipq8074a_firmwarewsa8835_firmwaresa4150pqcn9000qcf8000_firmwareqca6554afastconnect_6800qca6595immersive_home_326_platform_firmwarewsa8835qcn6122_firmwareqcn6422qcn5154qca8075_firmwareqca6574aqca9889qcn6132_firmwareqca9888qcc2076_firmwareipq8070a_firmwareipq8076_firmwaresa8650psa9000pqca6574_firmwareipq8076qca6175asa8775pqcn5152qca6574a_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6391fastconnect_7800qcn9100ipq5300_firmwareipq9570_firmwareqcn9070_firmwaresrv1h_firmwareipq8072a_firmwareipq6028_firmwareqcn6432_firmwareipq5312_firmwareqca6574ausa8155p_firmwareqca9889_firmwareqcn5122ipq9574fastconnect_7800_firmwarewsa8810ipq5332_firmwaresrv1m_firmwareqcn5022qam8650p_firmwareipq6010_firmwareqca6696qcn9022_firmwareqca8075qcn9022qcn6024qcc2076ipq8070aqcn9072_firmwareipq6000_firmwaresw5100_firmwareqcn9074_firmwareqcc2073qca6175a_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwarewcd9380_firmwareqcf8000_firmwareipq8076a_firmwareipq8173_firmwareqca6431_firmwareqca4024_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareqcn6402_firmwareimmersive_home_318_platform_firmwarecsr8811_firmwareipq5028_firmwareqca6595au_firmwareipq9554_firmwareqca8075_firmwareqcn5152_firmwareqca0000_firmwareqcn6132_firmwareqca6584au_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqca6554a_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareqcc2073_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwareqca8084_firmwareqcn5124_firmwareqca6426_firmwareqca8082_firmwaresa9000p_firmwareqca6574a_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareimmersive_home_3210_platform_firmwareqca6436_firmwareqca6421_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqca6678aq_firmwaresa8775p_firmwareipq5300_firmwareipq8078_firmwaresa4155p_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwareqcf8001_firmwarefastconnect_6900_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6112_firmwarewcn3988_firmwareqcn6432_firmwareipq5312_firmwareqca9889_firmwaresa8155p_firmwaresa7775p_firmwareqcn9024_firmwareipq8174_firmwaresa7255p_firmwarewsa8810_firmwarefastconnect_7800_firmwaresa8255p_firmwareqcn6412_firmwaresw5100p_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareipq8071a_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq6010_firmwareqca6696_firmwareqca6595_firmwareipq9008_firmwareqca6391_firmwareqcn5154_firmwareimmersive_home_214_platform_firmwaresa4150p_firmwareqcn9100_firmwareqcn9022_firmwarewsa8830_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwareqcn9072_firmwareipq6000_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwareqcn9074_firmwarefastconnect_6800_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwareqca6175a_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21459
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.66%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-15 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN HOST

Information disclosure while handling beacon or probe response frame in STA.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5124ipq6000_firmwareqamsrv1mqamsrv1hqcn5152_firmwaresrv1h_firmwareqca6431ar8035_firmwaresa8620pipq6028_firmwarewcd9380qcn6132_firmwareqcn6412sd865_5g_firmwareimmersive_home_318_platformipq5332qca6426_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarevideo_collaboration_vc3_platformqcn5154qca6436_firmwareqcn9100_firmwareqcn9000_firmwareipq9570qcn9074qcf8000_firmwareqcc710_firmwareqca6595au_firmwarewcd9370_firmwareimmersive_home_318_platform_firmwareqca4024_firmwareipq5300_firmwaresa7255par9380_firmwareqca6175aqcn6422_firmwareqca9984qca0000ipq8076a_firmwareqfw7114_firmwarear8035snapdragon_auto_5g_modem-rf_gen_2qcn6402qam8650psnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)qcn6432qcn5164_firmwareipq9554_firmwareqca7500_firmwareipq8068ipq8064_firmwareipq8074asa6155pqcs410_firmwareipq8071a_firmwarewsa8830ipq9008_firmwareqca8075ipq8174qcn6122qca6595ausa8775psrv1mipq8076aipq8078a_firmwareqca9898srv1m_firmwarewcn3988_firmwaresa8650p_firmwareqcs610qca6595snapdragon_x72_5g_modem-rf_system_firmwareqcn5022_firmwarevideo_collaboration_vc1_platformsw5100psxr2130_firmwareqca8337_firmwaresnapdragon_865_5g_mobile_platformqca8084_firmwareipq8072awcd9385qca6426qcn6274_firmwaresnapdragon_xr2_5g_platformimmersive_home_214_platformqcf8001_firmwareimmersive_home_326_platformqca6574au_firmwareipq8064sa6155p_firmwaresa6145p_firmwareqca6678aqqca6175a_firmwareqcn9072_firmwareqca0000_firmwareipq6028qcn6023qca9992sdx65m_firmwareipq5028_firmwaresa4155psa8255pipq8076_firmwaresdx65mqca9980sd865_5gsa8150p_firmwareipq5300qca9886_firmwarefastconnect_6900ipq8173_firmwareqcn6274ipq8070aqca8085ipq8065sa9000pqcn6132qcn5164qcn6024srv1hsa8255p_firmwareqca6421qca6564auqamsrv1m_firmwareqcn5124_firmwareqcn9024_firmwareqcn9274_firmwarewcd9340sa8155pqca6574a_firmwarecsr8811sa8770pipq5312qca9980_firmwarevideo_collaboration_vc1_platform_firmwaresa6150p_firmwareqca9994_firmwareqcn6422qcn5022qca6696_firmwareqca6421_firmwaresa4150p_firmwareqcs410qca8082qcn6224_firmwareqcn9070fastconnect_7800_firmwareqcn9070_firmwareqcn6402_firmwareipq6000qcn5024_firmwareqca8386_firmwareipq5332_firmwareipq6018snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwarewsa8810_firmwaresa8150pqca6391qcc2076qcn6023_firmwareqca7500ipq9574_firmwareqca6431_firmwarewsa8835_firmwarewcd9370fastconnect_6800_firmwareqam8255p_firmwareipq4029ipq9570_firmwareipq6010wcd9385_firmwaresa4150pipq5010_firmwarewcd9340_firmwarewsa8830_firmwareqca6436qamsrv1h_firmwaresa8195p_firmwarear9380wsa8810ipq4019snapdragon_x65_5g_modem-rf_systemqca9992_firmwareqcn5122_firmwareqcn9074_firmwareqcc2073_firmwareipq8078qca6678aq_firmwareqam8295p_firmwareqcn5052qca6391_firmwareqcn5024wcn3950_firmwareimmersive_home_3210_platform_firmwarewcd9341wsa8815_firmwareipq8065_firmwareqca9898_firmwareqcs610_firmwareqcn6432_firmwareqam8775p_firmwareipq8070a_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)sdx55_firmwareipq5302sa8155p_firmwareqcn9022snapdragon_w5\+_gen_1_wearable_platform_firmwareqca9990snapdragon_x75_5g_modem-rf_system_firmwareqca8084ipq9554sa4155p_firmwarewsa8835sa8650psa7775pqfw7124_firmwareqca9880snapdragon_xr2_5g_platform_firmwaresxr2130sa7255p_firmwareipq8072a_firmwareqcn6122_firmwarewcn3988qca9888_firmwareqcn5154_firmwareqca8082_firmwareqca6595_firmwaresnapdragon_w5\+_gen_1_wearable_platformsa7775p_firmwareqca9984_firmwareqca9985_firmwareqfw7124wcn3980_firmwaresnapdragon_x55_5g_modem-rf_systemsa8145pipq5312_firmwarewcd9380_firmwaresw5100_firmwareqcn5052_firmwareipq8078aqam8295pqca9985immersive_home_3210_platformsa9000p_firmwareqcn6224qfw7114qca6698aq_firmwareipq8174_firmwaresnapdragon_auto_5g_modem-rfqca9889_firmwareqcn9072qca6584au_firmwareqcc710qca6554aqcn6412_firmwareqca9880_firmwareipq8173ipq5302_firmwareqca6564au_firmwareqca9886qcc2073sa6145pwcn3950qcn6024_firmwaresa8295p_firmwareqca8081_firmwareipq8078_firmwareqcn9024sa8195pqca8085_firmwareqcn5122fastconnect_7800qca9994sa8620p_firmwaresw5100snapdragon_auto_4g_modemsa6150pipq5010qca6574auqca6696wsa8815sw5100p_firmwareqam8255pimmersive_home_326_platform_firmwareqcf8001qca6574snapdragon_865_5g_mobile_platform_firmwareqca6554a_firmwareqcn9274ipq4028qam8775pcsrb31024qca8075_firmwareqcn5152ipq9008qca9889ipq8074a_firmwareipq9574qcn6112snapdragon_x72_5g_modem-rf_systemqcn9022_firmwareqca6698aqipq8076qam8650p_firmwareqcc2076_firmwareipq5028qca6574_firmwarevideo_collaboration_vc3_platform_firmwareimmersive_home_214_platform_firmwaresnapdragon_auto_4g_modem_firmwareipq6018_firmwareqca8386qca6574asnapdragon_x55_5g_modem-rf_system_firmwareimmersive_home_316_platformcsrb31024_firmwarefastconnect_6800qca6584auqcn6112_firmwareqca9888immersive_home_316_platform_firmwareqcn9100ipq4029_firmwareipq4028_firmwarewcn3980sdx55sa8295pipq8071aimmersive_home_216_platformsnapdragon_auto_5g_modem-rf_gen_2_firmwarefastconnect_6900_firmwareqcf8000snapdragon_x75_5g_modem-rf_systemqca4024qca8337ipq8068_firmwaresa8145p_firmwaresa8770p_firmwaresa8775p_firmwareqca8081immersive_home_216_platform_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwarewcd9341_firmwarecsr8811_firmwareipq4019_firmwareqca9990_firmwaresnapdragon_auto_5g_modem-rf_firmwareqcn9000ipq6010_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwaresa6150p_firmwaresa8145p_firmwareipq4028_firmwareipq8173_firmwareqca6431_firmwareqcn6224_firmwareqca4024_firmwareqca9880_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwareipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_auto_4g_modem_firmwareqcn5152_firmwareqca0000_firmwareqca6584au_firmwareqcn9000_firmwareqca9984_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwareqca8084_firmwareqcn5124_firmwareqam8295p_firmwareqca8082_firmwaresa9000p_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareqca6436_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8078a_firmwareqca6678aq_firmwaresa8775p_firmwareipq4029_firmwaresa4155p_firmwareqcf8001_firmwareqcn6112_firmwarewcn3988_firmwaresa6145p_firmwaresa7775p_firmwarewsa8810_firmwaresa8255p_firmwareqca6698aq_firmwaresdx65m_firmwareipq8071a_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareipq8068_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwaresxr2130_firmwareipq9008_firmwareqcn5154_firmwareqca9898_firmwareqcc710_firmwareqcn9100_firmwarewsa8830_firmwareqca9992_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwaresa8295p_firmwareimmersive_home_216_platform_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca9985_firmwareqca8337_firmwarewcd9380_firmwareqca7500_firmwareqca9980_firmwareqcf8000_firmwareipq8076a_firmwarear9380_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwareqcn6402_firmwarecsr8811_firmwareipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqca8075_firmwareipq4019_firmwareqcn6132_firmwareqca9994_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqfw7114_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwarewcd9340_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqca6574a_firmwareipq9574_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareimmersive_home_3210_platform_firmwareipq8064_firmwareqca6421_firmwareqcn6274_firmwarecsrb31024_firmwareipq5300_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn6432_firmwareipq5312_firmwareqca9889_firmwaresa8155p_firmwareqcn9024_firmwareipq8174_firmwaresa7255p_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcn6412_firmwaresw5100p_firmwareipq5332_firmwareqcs610_firmwareipq5302_firmwareqamsrv1m_firmwaresrv1m_firmwareqca9886_firmwareqam8650p_firmwareipq6010_firmwareqca6595_firmwareqca6391_firmwareimmersive_home_214_platform_firmwaresa4150p_firmwarewcd9370_firmwareqcn9022_firmwareqca9990_firmwareqcn9072_firmwareipq6000_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareqfw7124_firmwareqca6175a_firmwarear8035_firmware
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2024-21456
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 19.09%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 14:17
Updated-21 Aug, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN HOST

Information Disclosure while parsing beacon frame in STA.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwareqca8337_firmwareqca6554aqca8337qam8650pqfw7124qca6595qca6564auqam8775pqamsrv1mar8035_firmwareqcn6224_firmwareqca6574srv1l_firmwareqcn6274qca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqca6574aqca6584au_firmwareqfw7114_firmwareqcc2076_firmwareqamsrv1hqca6554a_firmwareqcc2073_firmwaresa8650pqamsrv1h_firmwaresa9000pqca6574_firmwarewcd9340_firmwaresa9000p_firmwareqca6574a_firmwaresa8775pqca6574au_firmwaresa7255pqca6595auqca8081_firmwareqfw7114fastconnect_7800qca6564au_firmwareqca6584auqca6678aq_firmwaresnapdragon_x72_5g_modem-rf_systemqcn6274_firmwaresa8775p_firmwareqca6678aqsa8650p_firmwareqca6698aqsnapdragon_x75_5g_modem-rf_system_firmwaresrv1h_firmwareqca6574ausrv1hsrv1lsa7775p_firmwarewcd9340sa7255p_firmwareqcn6224fastconnect_7800_firmwaresa8255p_firmwaresnapdragon_x75_5g_modem-rf_systemqca8081qca6698aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2sa7775pqamsrv1m_firmwareqam8620psrv1m_firmwareqam8650p_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwaresa8255pqcc710qca6696_firmwareqca6595_firmwareqca6696ar8035qcc710_firmwareqcc2076srv1mqam8620p_firmwareqfw7124_firmwareqam8255pqcc2073sa8770pSnapdragonqam8255p_firmwareqca6564au_firmwaresa8620p_firmwareqca8337_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaresrv1h_firmwareqcn6224_firmwaresa7775p_firmwaresa7255p_firmwaresrv1l_firmwarefastconnect_7800_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresa8255p_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwareqca6584au_firmwareqca6696_firmwareqca6595_firmwareqfw7114_firmwareqcc2076_firmwareqca6554a_firmwareqcc2073_firmwareqamsrv1h_firmwareqca6574_firmwarewcd9340_firmwareqcc710_firmwaresa9000p_firmwareqca6574a_firmwareqca6574au_firmwareqca8081_firmwareqam8620p_firmwareqfw7124_firmwarear8035_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43537
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.61%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Host

Information disclosure while handling T2LM Action Frame in WLAN Host.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwareimmersive_home_214qca8386_firmwarewsa8845_firmwarewsa8832ipq9574qca8082_firmwareqcc2076_firmwareqcn9000_firmwareqca6595qcn9022immersive_home_216ipq6028_firmwareqca8081_firmwarear8035_firmwareqca6696qcn5022_firmwarewsa8830_firmwarewcd9340_firmwareipq5028_firmwarewcd9395_firmwareqcn6024qca4024_firmwareqca0000_firmwareqcc2073_firmwareqcc710_firmwareipq8076ipq9008qca6564auipq6018_firmwareqcn6023ipq9008_firmwareqcn9074qcn5124_firmwarewsa8832_firmwareqca8337_firmwareqca8337qca9888wcd9395ipq6000qcn9013ipq8173ipq8072a_firmwareipq8078aqca6574au_firmwareipq8078a_firmwareipq6010_firmwareqca6574auwcd9390wsa8845h_firmwareqcn6112_firmwareflight_rb5_5gqcn9100_firmwareqcn5122ipq5028qca8085_firmwareqcn9070_firmwareqca6554aqcn6024_firmwareqcn9022_firmwareipq5010_firmwareqcn6132ipq6018qca6584auqcn6274_firmwareqcn9000ssg2115pqcc710qcn6132_firmwareqfw7114_firmwareqca4024qca6595_firmwareqcs7230fastconnect_7800_firmwarefastconnect_6900immersive_home_214_firmwareimmersive_home_326_firmwareqcn5052qfw7114ipq8070awcd9385_firmwareipq9574_firmwarefastconnect_6900_firmwarerobotics_rb5_firmwarewcd9380sxr2230pipq8074a_firmwareipq8076aqcn5164snapdragon_x65_5g_modem-rfimmersive_home_3210qca8075_firmwareqcf8000wsa8845qcn5052_firmwareqca6564au_firmwarecsr8811_firmwaresxr1230pqca8075video_collaboration_vc5_platform_firmwareqca8085ipq6010sdx65m_firmwareqca6595auwsa8840qcs8550_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwarewcd9385qcn9012ipq8070a_firmwareqcn9070qca8084_firmwareqca8084qcs7230_firmwaresxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobileqcn5024sdx65msdx55_firmwareimmersive_home_326ipq8071a_firmwareqcc2076flight_rb5_5g_firmwaressg2125pqca6554a_firmwareqca6574aipq9570snapdragon_8\+_gen_2_mobileipq6028snapdragon_x65_5g_modem-rf_firmwarewcd9340qcn9100qcs8250_firmwarerobotics_rb5qcn6122_firmwareqcn5154_firmwareqcn9013_firmwarevideo_collaboration_vc5_platformsm8550p_firmwareqcm8550qcn5122_firmwareqcn9274ipq8076_firmwareqca6584au_firmwareipq8076a_firmwareqcn5152_firmwareqca6574qcn6274qcn9024qfw7124ipq9570_firmwareqca6391_firmwareqca0000qca6595au_firmwareqrb5165n_firmwaresxr2230p_firmwarewsa8835wsa8840_firmwareqca6696_firmwareqcn9024_firmwarewsa8845hwcd9380_firmwareqca8082qca6574_firmwareqca8081qcn5124snapdragon_ar2_gen_1_firmwarewsa8830sm8550pqcf8000_firmwareqcn5152snapdragon_x75_5g_modem-rfqcn9074_firmwareipq8174immersive_home_318_firmwareqcn6122ipq8174_firmwareqcc2073ar8035ipq8072aqca6574a_firmwareqcn9072_firmwaresdx55qca9888_firmwareimmersive_home_216_firmwareipq8074aimmersive_home_3210_firmwareqca9889immersive_home_316qcn5024_firmwareqca8386qca6391immersive_home_318ipq5010ipq8071aqcn6224ipq8173_firmwareqcn6112qcn9012_firmwareqcn9274_firmwaressg2125p_firmwareqrb5165nqcs8550ipq6000_firmwarefastconnect_7800snapdragon_8\+_gen_2_mobile_firmwareipq8078_firmwareqca9889_firmwaresnapdragon_ar2_gen_1immersive_home_316_firmwareqcn5154qcn6023_firmwareqcn5164_firmwaresnapdragon_x75_5g_modem-rf_firmwaressg2115p_firmwarewsa8835_firmwarecsr8811ipq8078qcn5022qcs8250qcn9072qcn6224_firmwareSnapdragon
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2026-24028
Matching Score-4
Assigner-Open-Xchange
ShareView Details
Matching Score-4
Assigner-Open-Xchange
CVSS Score-5.3||MEDIUM
EPSS-1.03% / 59.45%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 11:57
Updated-14 Apr, 2026 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds read when parsing DNS packets via Lua

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.

Action-Not Available
Vendor-powerdnsPowerDNS
Product-dnsdistDNSdist
CWE ID-CWE-126
Buffer Over-read
CVE-2026-2394
Matching Score-4
Assigner-Real-Time Innovations, Inc.
ShareView Details
Matching Score-4
Assigner-Real-Time Innovations, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.16% / 5.35%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 00:52
Updated-17 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.

Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.

Action-Not Available
Vendor-rtiRTI
Product-connext_professionalConnext Professional
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2023-24513
Matching Score-4
Assigner-Arista Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Arista Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 47.97%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ...

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

Action-Not Available
Vendor-amazonequinixGoogle LLCArista Networks, Inc.Microsoft Corporation
Product-azure_marketplacegoogle_cloud_platform_marketplacecloudeosnetwork_edgeaws_marketplacedca-200-veosEOS
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-55091
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 25.57%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 07:56
Updated-21 Oct, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential out of bound read in _nx_ip_packet_receive()

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-threadx_netx_duoNetX Duo
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2025-55090
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 25.57%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 06:43
Updated-21 Oct, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential out of bound read issue in _nx_ipv4_packet_receive() in NetX Duo

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-threadx_netx_duoNetX Duo
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2020-8244
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-2.12% / 79.65%
||
7 Day CHG~0.00%
Published-30 Aug, 2020 | 13:43
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

Action-Not Available
Vendor-bufferlist_projectn/aDebian GNU/Linux
Product-debian_linuxbufferlistbl
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
Details not found