Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

CVEs (446)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-33287 1Qualcomm 399205 Lte Modem Firmware 9206 Lte Modem Firmware9207 Lte Modem Firmware+36 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
CVE-2022-33258 1Qualcomm 12Mdm8207 Firmware Mdm9205 FirmwareMdm9206 Firmware+9 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure due to buffer over-read in modem while reading configuration parameters.
CVE-2022-33228 1Qualcomm 12Mdm8207 Firmware Mdm9205 FirmwareMdm9206 Firmware+9 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
CVE-2022-33222 1Qualcomm 13Mdm8207 Firmware Mdm9205 FirmwareMdm9206 Firmware+10 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
CVE-2022-25747 1Qualcomm 12Mdm8207 Firmware Mdm9205 FirmwareMdm9206 Firmware+9 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message
CVE-2022-25730 1Qualcomm 27Mdm8207 Firmware Mdm9205 FirmwareMdm9206 Firmware+24 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure in modem due to improper check of IP type while processing DNS server query
CVE-2022-25726 1Qualcomm 26Mdm8207 Firmware Mdm9205 FirmwareMdm9206 Firmware+23 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet
CVE-2023-24513 1Arista 1Cloudeos Nov 21, 2024 Apr 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buf...Show more On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.Show less
CVE-2023-28267 1Microsoft 14Remote Desktop Client Windows 10 1507Windows 10 1607+11 more Jul 7, 2025 Apr 11, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2023-28266 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Apr 11, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2023-24883 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Apr 11, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-20112 1Cisco 31Business 150ax Firmware Business 151axm FirmwareCatalyst 9105ax Firmware+28 more Nov 21, 2024 Mar 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validati...Show more A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.Show less
CVE-2023-24870 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Mar 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24858 1Microsoft 12Windows 10 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Mar 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24857 1Microsoft 12Windows 10 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Mar 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2022-40535 1Qualcomm 71Csr8811 Firmware Ipq8070a FirmwareIpq8071a Firmware+68 more Nov 21, 2024 Mar 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS due to buffer over-read in WLAN while sending a packet to device.
CVE-2022-33309 1Qualcomm 65Csr8811 Firmware Ipq5010 FirmwareIpq5018 Firmware+62 more Nov 21, 2024 Mar 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
CVE-2023-21820 1Microsoft 13Windows 10 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 14, 2023 N/A· v4 7.4 HIGH· v3 N/A· v2 Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2023-21813 1Microsoft 13Windows 10 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Secure Channel Denial of Service Vulnerability
CVE-2023-21811 1Microsoft 13Windows 10 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows iSCSI Service Denial of Service Vulnerability

Previous 1...171819...23 Next