Vulnerabilities (CVE)

Filtered by CWE-126
Total 200 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-33056 2024-12-02 N/A 8.4 HIGH
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-33037 2024-12-02 N/A 6.1 MEDIUM
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.
CVE-2024-42333 2024-11-27 N/A 2.7 LOW
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c
CVE-2024-33012 1 Qualcomm 498 Ar8035, Ar8035 Firmware, Ar9380 and 495 more 2024-11-26 N/A 7.5 HIGH
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
CVE-2024-33013 1 Qualcomm 340 Ar8035, Ar8035 Firmware, Csr8811 and 337 more 2024-11-26 N/A 7.5 HIGH
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2024-33011 1 Qualcomm 498 Ar8035, Ar8035 Firmware, Ar9380 and 495 more 2024-11-26 N/A 7.5 HIGH
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-21479 1 Qualcomm 190 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 187 more 2024-11-26 N/A 7.5 HIGH
Transient DOS during music playback of ALAC content.
CVE-2024-21467 1 Qualcomm 258 Csr8811, Csr8811 Firmware, Fastconnect 6800 and 255 more 2024-11-26 N/A 6.5 MEDIUM
Information disclosure while handling beacon probe frame during scan entry generation in client side.
CVE-2024-23353 1 Qualcomm 498 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 495 more 2024-11-26 N/A 7.5 HIGH
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2024-21459 1 Qualcomm 350 Ar8035, Ar8035 Firmware, Ar9380 and 347 more 2024-11-26 N/A 6.5 MEDIUM
Information disclosure while handling beacon or probe response frame in STA.
CVE-2018-5852 2024-11-26 N/A 8.4 HIGH
An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
CVE-2017-17772 2024-11-26 N/A 9.8 CRITICAL
In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.
CVE-2024-11596 2024-11-21 N/A 7.8 HIGH
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
CVE-2024-7347 1 F5 2 Nginx Open Source, Nginx Plus 2024-11-21 N/A 4.7 MEDIUM
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-3077 2024-11-21 N/A 6.8 MEDIUM
An malicious BLE device can crash BLE victim device by sending malformed gatt packet
CVE-2024-38373 1 Amazon 1 Freertos-plus-tcp 2024-11-21 N/A 9.6 CRITICAL
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1.
CVE-2024-38071 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2024-11-21 N/A 7.5 HIGH
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
CVE-2024-31082 2024-11-21 N/A 7.3 HIGH
A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31081 2024-11-21 N/A 7.3 HIGH
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31080 2024-11-21 N/A 7.3 HIGH
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.