Vulnerabilities (CVE)

Filtered by CWE-125
Total 4289 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13987 4 Contiki-os, Open-iscsi Project, Siemens and 1 more 11 Contiki, Open-iscsi, Sentron 3va Com100 and 8 more 2022-08-06 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
CVE-2021-3712 7 Debian, Mcafee, Netapp and 4 more 32 Debian Linux, Epolicy Orchestrator, Clustered Data Ontap and 29 more 2022-08-06 5.8 MEDIUM 7.4 HIGH
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
CVE-2021-41556 1 Squirrel-lang 1 Squirrel 2022-08-05 N/A 10.0 CRITICAL
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.
CVE-2021-20275 2 Debian, Privoxy 2 Debian Linux, Privoxy 2022-08-05 5.0 MEDIUM 7.5 HIGH
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
CVE-2021-1404 1 Clamav 1 Clamav 2022-08-05 5.0 MEDIUM 7.5 HIGH
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVE-2020-27736 1 Siemens 6 Nucleus Net, Nucleus Readystart V3, Nucleus Readystart V4 and 3 more 2022-08-05 5.8 MEDIUM 6.5 MEDIUM
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.
CVE-2018-25012 4 Debian, Netapp, Redhat and 1 more 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more 2022-08-05 6.4 MEDIUM 9.1 CRITICAL
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
CVE-2018-25013 4 Debian, Netapp, Redhat and 1 more 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more 2022-08-05 6.4 MEDIUM 9.1 CRITICAL
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
CVE-2018-25010 5 Apple, Debian, Netapp and 2 more 6 Ipad Os, Iphone Os, Debian Linux and 3 more 2022-08-05 6.4 MEDIUM 9.1 CRITICAL
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
CVE-2018-25009 4 Debian, Netapp, Redhat and 1 more 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more 2022-08-05 6.4 MEDIUM 9.1 CRITICAL
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
CVE-2020-27824 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2022-08-05 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
CVE-2022-33881 1 Autodesk 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more 2022-08-05 N/A 7.8 HIGH
Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2015-2325 4 Mariadb, Opensuse, Pcre and 1 more 4 Mariadb, Opensuse, Pcre and 1 more 2022-08-05 6.8 MEDIUM 7.8 HIGH
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
CVE-2021-32029 2 Postgresql, Redhat 2 Postgresql, Jboss Enterprise Application Platform 2022-08-05 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVE-2022-35234 2 Microsoft, Trendmicro 2 Windows, Security 2022-08-05 N/A 7.1 HIGH
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.
CVE-2022-26436 2 Google, Mediatek 5 Android, Mt6855, Mt6879 and 2 more 2022-08-05 N/A 4.4 MEDIUM
In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666.
CVE-2022-21790 2 Google, Mediatek 6 Android, Mt6833, Mt6853 and 3 more 2022-08-05 N/A 4.4 MEDIUM
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306.
CVE-2022-21791 2 Google, Mediatek 7 Android, Mt6833, Mt6853 and 4 more 2022-08-05 N/A 4.4 MEDIUM
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059.
CVE-2022-2581 1 Vim 1 Vim 2022-08-04 N/A 7.8 HIGH
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
CVE-2022-35926 2022-08-04 N/A N/A
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, <code>uip_buf</code>, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires ipv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch.Users unable to upgrade may apply the patch in Contiki-NG PR #1654.