Vulnerabilities (CVE)

Filtered by CWE-125
Total 5645 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48554 2 Debian, File Project 2 Debian Linux, File 2024-03-04 N/A 5.5 MEDIUM
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
CVE-2023-25176 2024-03-04 N/A 2.9 LOW
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2023-49602 2024-03-04 N/A 2.9 LOW
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2023-42538 1 Samsung 1 Android 2024-03-04 N/A 9.8 CRITICAL
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
CVE-2023-42537 1 Samsung 1 Android 2024-03-04 N/A 9.8 CRITICAL
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
CVE-2023-42536 1 Samsung 1 Android 2024-03-04 N/A 9.8 CRITICAL
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
CVE-2023-7242 2024-03-01 N/A 8.2 HIGH
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory.
CVE-2024-1453 2024-03-01 N/A 7.8 HIGH
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.
CVE-2023-44346 2024-02-29 N/A 5.5 MEDIUM
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-1847 2024-02-29 N/A 7.8 HIGH
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.
CVE-2023-44344 2024-02-29 N/A 5.5 MEDIUM
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-44343 2024-02-29 N/A 5.5 MEDIUM
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-44342 2024-02-29 N/A 5.5 MEDIUM
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-27406 2 Fedoraproject, Freetype 2 Fedora, Freetype 2024-02-29 5.0 MEDIUM 7.5 HIGH
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
CVE-2022-27405 2 Fedoraproject, Freetype 2 Fedora, Freetype 2024-02-29 5.0 MEDIUM 7.5 HIGH
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVE-2023-33080 1 Qualcomm 732 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 729 more 2024-02-28 N/A 7.5 HIGH
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
CVE-2023-49285 1 Squid-cache 1 Squid 2024-02-28 N/A 7.5 HIGH
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-20747 2024-02-28 N/A 5.5 MEDIUM
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-47993 1 Freeimage Project 1 Freeimage 2024-02-28 N/A 6.5 MEDIUM
A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.
CVE-2024-23440 2024-02-28 N/A 6.3 MEDIUM
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.