← Back
CWE-126

446 CVEs • Abstraction: Variant

Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

JSON object

Loading...

CVEs (446)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-21176
1Microsoft
3.net
.net FrameworkVisual Studio 2017
May 6, 2025
Jan 14, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2024-45559
1Qualcomm
23Qam8255p Firmware
Qam8295p FirmwareQam8620p Firmware+20 more
Jan 13, 2025
Jan 6, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend.
CVE-2024-45558
1Qualcomm
182Ar8035 Firmware
Csr8811 FirmwareFastconnect 6700 Firmware+179 more
Aug 11, 2025
Jan 6, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
CVE-2024-45548
1Qualcomm
10Fastconnect 6900 Firmware
Fastconnect 7800 FirmwareQcc2073 Firmware+7 more
Jan 13, 2025
Jan 6, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.
CVE-2024-45546
1Qualcomm
10Fastconnect 6900 Firmware
Fastconnect 7800 FirmwareQcc2073 Firmware+7 more
Jan 13, 2025
Jan 6, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
CVE-2024-43063
1Qualcomm
17Qam8255p Firmware
Qam8295p FirmwareQam8650p Firmware+14 more
Jan 10, 2025
Jan 6, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
information disclosure while invoking the mailbox read API.
CVE-2024-33067
1Qualcomm
76Ar8035 Firmware
C V2x 9150 FirmwareCsrb31024 Firmware+73 more
Aug 11, 2025
Jan 6, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
CVE-2024-33061
1Qualcomm
9Qcs8550 Firmware
Sw5100 FirmwareSw5100p Firmware+6 more
Jan 10, 2025
Jan 6, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.
CVE-2024-23366
1Qualcomm
17Qam8255p Firmware
Qam8295p FirmwareQam8650p Firmware+14 more
Jan 10, 2025
Jan 6, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.
CVE-2024-49088
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Jan 8, 2025
Dec 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-33056
1Qualcomm
323205 Mobile Platform Firmware
315 5g Iot Modem Firmware9205 Lte Modem Firmware+320 more
Dec 12, 2024
Dec 2, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
CVE-2024-33037
1Qualcomm
50C V2x 9150 Firmware
Fastconnect 6800 FirmwareFastconnect 6900 Firmware+47 more
Dec 11, 2024
Dec 2, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.
CVE-2024-42333
1Zabbix
1Zabbix
Nov 3, 2025
Nov 27, 2024
N/A· v4
2.7 LOW· v3
N/A· v2
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c
CVE-2018-5852
1Qualcomm
23Mdm9206 Firmware
Mdm9607 FirmwareMdm9640 Firmware+20 more
Jan 9, 2025
Nov 26, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
CVE-2017-17772
1Qualcomm
7Sd 450 Firmware
Sd 625 FirmwareSd 820 Firmware+4 more
Jan 9, 2025
Nov 26, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.
CVE-2024-11596
1Wireshark
1Wireshark
May 7, 2025
Nov 21, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
CVE-2024-49031
1Microsoft
3365 Apps
OfficeOffice Long Term Servicing Channel
Nov 18, 2024
Nov 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-9843
1Ivanti
1Secure Access Client
Jan 17, 2025
Nov 12, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
CVE-2024-38405
1Qualcomm
98Ar8035 Firmware
Fastconnect 6700 FirmwareFastconnect 6900 Firmware+95 more
Nov 7, 2024
Nov 4, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Transient DOS while processing the CU information from RNR IE.
CVE-2024-38403
1Qualcomm
77Ar8035 Firmware
Fastconnect 6900 FirmwareFastconnect 7800 Firmware+74 more
Nov 7, 2024
Nov 4, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Transient DOS while parsing BTM ML IE when per STA profile is not included.