Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

CVEs (446)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-33065 1Qualcomm 101Aqt1000 Firmware Ar8035 FirmwareC V2x 9150 Firmware+98 more Aug 11, 2025 Feb 6, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Information disclosure in Audio while accessing AVCS services from ADSP payload.
CVE-2023-33064 1Qualcomm 88Aqt1000 Firmware Ar8035 FirmwareC V2x 9150 Firmware+85 more Aug 11, 2025 Feb 6, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Transient DOS in Audio when invoking callback function of ASM driver.
CVE-2023-33060 1Qualcomm 45Ar8035 Firmware Fastconnect 6700 FirmwareFastconnect 6900 Firmware+42 more Nov 21, 2024 Feb 6, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Transient DOS in Core when DDR memory check is called while DDR is not initialized.
CVE-2023-33058 1Qualcomm 45Ar8035 Firmware Fastconnect 6700 FirmwareFastconnect 6900 Firmware+42 more Nov 21, 2024 Feb 6, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Information disclosure in Modem while processing SIB5.
CVE-2023-6992 1Cloudflare 1Zlib Nov 21, 2024 Jan 4, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based bu...Show more Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected. Show less
CVE-2023-43512 1Qualcomm 1Qcn7606 Firmware Nov 21, 2024 Jan 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.
CVE-2023-33116 1Qualcomm 102Ar8035 Firmware Ar9380 FirmwareCsr8811 Firmware+99 more Nov 21, 2024 Jan 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.
CVE-2023-33112 1Qualcomm 122Ar8035 Firmware Csra6620 FirmwareCsra6640 Firmware+119 more Aug 11, 2025 Jan 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
CVE-2023-33062 1Qualcomm 284315 5g Iot Modem Firmware Aqt1000 FirmwareAr8031 Firmware+281 more Aug 11, 2025 Jan 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS in WLAN Firmware while parsing a BTM request.
CVE-2023-33040 1Qualcomm 139315 5g Iot Modem Firmware Aqt1000 FirmwareAr8035 Firmware+136 more Nov 21, 2024 Jan 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS in Data Modem during DTLS handshake.
CVE-2023-35643 1Microsoft 4Windows Server 2012 Windows Server 2016Windows Server 2019+1 more Nov 21, 2024 Dec 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 DHCP Server Service Information Disclosure Vulnerability
CVE-2023-35638 1Microsoft 4Windows Server 2012 Windows Server 2016Windows Server 2019+1 more Nov 21, 2024 Dec 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 DHCP Server Service Denial of Service Vulnerability
CVE-2023-33098 1Qualcomm 257315 5g Iot Modem Firmware Aqt1000 FirmwareAr8031 Firmware+254 more Aug 11, 2025 Dec 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
CVE-2023-33097 1Qualcomm 121Ar8035 Firmware Csr8811 FirmwareFastconnect 6900 Firmware+118 more Nov 21, 2024 Dec 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS in WLAN Firmware while processing a FTMR frame.
CVE-2023-33081 1Qualcomm 148Aqt1000 Firmware Ar8035 FirmwareCsr8811 Firmware+145 more Nov 21, 2024 Dec 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
CVE-2023-33080 1Qualcomm 365315 5g Iot Modem Firmware 8098 Firmware8998 Firmware+362 more Aug 11, 2025 Dec 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
CVE-2023-49285 1Squid Cache 1Squid Nov 21, 2024 Dec 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid...Show more Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-36397 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Nov 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-36392 1Microsoft 4Windows Server 2012 Windows Server 2016Windows Server 2019+1 more Nov 21, 2024 Nov 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 DHCP Server Service Denial of Service Vulnerability
CVE-2023-43574 1Lenovo 111Ideacentre 3 07ada05 Firmware Ideacentre 3 07imb05 FirmwareIdeacentre 5 14acn6 Firmware+108 more Nov 21, 2024 Nov 8, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

Previous 1...131415...23 Next