Vulnerabilities (CVE)

Filtered by CWE-125
Total 7184 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-29739 1 Google 1 Android 2025-06-17 N/A 5.5 MEDIUM
In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29738 1 Google 1 Android 2025-06-17 N/A 5.5 MEDIUM
In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27231 1 Google 1 Android 2025-06-17 N/A 5.9 MEDIUM
In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-25201 1 Espruino 1 Espruino 2025-06-17 N/A 7.5 HIGH
Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.
CVE-2024-28756 1 Solaredge 1 Mysolaredge 2025-06-17 N/A 5.9 MEDIUM
The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.
CVE-2025-32914 2025-06-17 N/A 7.4 HIGH
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-32906 2025-06-17 N/A 7.5 HIGH
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
CVE-2024-33781 1 Csiro 1 Multi-protocol Spdz 2025-06-16 N/A 7.5 HIGH
MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.
CVE-2025-47104 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2025-06-16 N/A 5.5 MEDIUM
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47105 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2025-06-16 N/A 5.5 MEDIUM
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-42865 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-06-16 N/A 6.5 MEDIUM
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.
CVE-2023-32880 2 Google, Mediatek 22 Android, Mt6762, Mt6765 and 19 more 2025-06-16 N/A 4.4 MEDIUM
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076.
CVE-2023-32875 2 Google, Mediatek 58 Android, Mt6580, Mt6731 and 55 more 2025-06-16 N/A 4.4 MEDIUM
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217.
CVE-2025-47816 1 Gnu 1 Pspp 2025-06-16 N/A 2.9 LOW
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
CVE-2023-53154 1 Cjson Project 1 Cjson 2025-06-16 N/A 2.9 LOW
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
CVE-2025-24311 2025-06-16 N/A 8.4 HIGH
An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability.
CVE-2025-2884 2025-06-13 N/A 6.6 MEDIUM
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0
CVE-2024-34251 1 Bytecodealliance 1 Webassembly Micro Runtime 2025-06-13 N/A 7.5 HIGH
An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h.
CVE-2025-5918 2025-06-12 N/A 3.9 LOW
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
CVE-2025-33060 2025-06-12 N/A 5.5 MEDIUM
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.