Vulnerabilities (CVE)

Filtered by CWE-125
Total 5717 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-21343 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-04-11 N/A 7.5 HIGH
Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-21314 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2024-04-11 N/A 6.5 MEDIUM
Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2024-21311 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2024-04-11 N/A 5.5 MEDIUM
Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2024-20691 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-04-11 N/A 4.7 MEDIUM
Windows Themes Information Disclosure Vulnerability
CVE-2024-20687 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2024-04-11 N/A 7.5 HIGH
Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-20660 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-04-11 N/A 6.5 MEDIUM
Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2024-20658 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-04-11 N/A 7.8 HIGH
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2024-20653 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-04-11 N/A 7.8 HIGH
Microsoft Common Log File System Elevation of Privilege Vulnerability
CVE-2024-20771 2024-04-11 N/A 5.5 MEDIUM
Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20797 2024-04-11 N/A 7.8 HIGH
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20798 2024-04-11 N/A 5.5 MEDIUM
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20796 2024-04-11 N/A 5.5 MEDIUM
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-39986 1 Hitachi 1 Eh-view 2024-04-11 N/A 5.5 MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-34256 3 Debian, Linux, Suse 3 Debian Linux, Linux Kernel, Linux Enterprise 2024-04-11 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
CVE-2023-29417 1 Bzip3 Project 1 Bzip3 2024-04-11 N/A 6.5 MEDIUM
An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.
CVE-2022-24198 1 Itextpdf 1 Itext 2024-04-11 4.3 MEDIUM 6.5 MEDIUM
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
CVE-2020-36325 1 Jansson Project 1 Jansson 2024-04-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification
CVE-2020-17360 1 Readytalk 1 Avian 2024-04-11 6.8 MEDIUM 7.8 HIGH
An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2019-17401 1 Liblnk Project 1 Liblnk 2024-04-11 2.1 LOW 3.3 LOW
libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue
CVE-2019-17264 1 Liblnk Project 1 Liblnk 2024-04-11 2.1 LOW 3.3 LOW
In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue