Vulnerabilities (CVE)

Filtered by CWE-125
Total 6380 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6443 2024-10-04 N/A 6.3 MEDIUM
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
CVE-2024-41595 2024-10-04 N/A 8.0 HIGH
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
CVE-2023-38666 1 Axiosys 1 Bento4 2024-10-03 N/A 5.5 MEDIUM
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.
CVE-2024-6876 1 Codesys 1 Oscat Basic Library 2024-10-01 N/A 4.4 MEDIUM
Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.
CVE-2024-39434 2 Google, Unisoc 10 Android, S8000, T606 and 7 more 2024-09-30 N/A 4.4 MEDIUM
In drm service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2023-51456 2024-09-30 N/A 6.8 MEDIUM
A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.
CVE-2023-39984 1 Hitachi 1 Eh-view 2024-09-27 N/A 7.8 HIGH
** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-36981 1 Openplcproject 1 Openplc V3 Firmware 2024-09-26 N/A 7.5 HIGH
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the final instance of the incorrect comparison.
CVE-2024-36980 1 Openplcproject 1 Openplc V3 Firmware 2024-09-26 N/A 7.5 HIGH
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the first instance of the incorrect comparison.
CVE-2024-44161 1 Apple 1 Macos 2024-09-26 N/A 5.5 MEDIUM
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
CVE-2024-46731 1 Linux 1 Linux Kernel 2024-09-26 N/A 7.1 HIGH
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0.
CVE-2023-6387 1 Silabs 1 Gecko Software Development Kit 2024-09-25 N/A 7.5 HIGH
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution
CVE-2023-51395 2024-09-25 N/A 8.8 HIGH
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
CVE-2023-4280 1 Silabs 1 Gecko Software Development Kit 2024-09-25 N/A 9.8 CRITICAL
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.
CVE-2023-4020 1 Silabs 1 Gecko Software Development Kit 2024-09-25 N/A 9.1 CRITICAL
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.
CVE-2023-3487 1 Silabs 1 Gecko Bootloader 2024-09-25 N/A 7.8 HIGH
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.
CVE-2023-3110 1 Silabs 1 Unify Software Development Kit 2024-09-25 N/A 8.8 HIGH
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
CVE-2023-0972 1 Silabs 1 Z\/ip Gateway Sdk 2024-09-25 N/A 8.8 HIGH
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
CVE-2023-0970 1 Silabs 1 Z\/ip Gateway Sdk 2024-09-25 N/A 6.8 MEDIUM
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.
CVE-2023-0969 1 Silabs 1 Z\/ip Gateway Sdk 2024-09-25 N/A 3.5 LOW
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.