Search Results (527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59609 1 Qualcomm 375 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 372 more 2026-06-02 5.5 Medium
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
CVE-2009-2495 1 Microsoft 3 Visual C\+\+, Visual Studio, Visual Studio .net 2026-05-27 6.5 Medium
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
CVE-2026-42627 1 Arm 1 Armnn 2026-05-26 6.2 Medium
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions using 32-bit unsigned arithmetic without overflow detection, causing GetNumBytes() to return an understated allocation size. During Optimize()->InferOutputShapes(), the BatchToSpaceNdLayer reads beyond the allocated buffer.
CVE-2024-38250 1 Microsoft 26 365 Copilot, Office, Office Long Term Servicing Channel and 23 more 2026-05-22 7.8 High
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2015-8325 4 Canonical, Debian, Openbsd and 1 more 6 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 3 more 2026-05-22 7.8 High
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
CVE-2026-6575 1 Postgresql 1 Postgresql 2026-05-18 4.3 Medium
Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.
CVE-2026-37532 2 Automotivelinux, Linuxfoundation 2 Agl-service-can-low-level, Automotive Grade Linux 2026-05-15 7.1 High
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer.
CVE-2026-8463 1 Leont 2 Crypt::argon2, Crypt\ 2026-05-14 5.3 Medium
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without checking that encoded_len is non-zero. When the encoded string is empty, the size_t subtraction underflows to SIZE_MAX and memchr scans adjacent heap memory looking for a '$' separator byte. A caller that invokes argon2_verify against a stored hash that may legitimately be empty (for example a placeholder row or a NULL column materialised as an empty string) reads out-of-bounds heap memory, which can crash the process or leak the position of an adjacent '$' byte into subsequent parsing.
CVE-2026-42934 1 F5 2 Nginx Open Source, Nginx Plus 2026-05-13 4.8 Medium
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-4386 1 Medtronic 2 Mycarelink Monitor 24950, Mycarelink Monitor 24952 2026-05-07 6.8 Medium
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​
CVE-2025-47401 1 Qualcomm 491 Ar8035, Ar8035 Firmware, Cologne and 488 more 2026-05-06 6.5 Medium
Transient DOS when processing target power rate tables during channel configuration.
CVE-2025-47403 1 Qualcomm 515 Ar8035, Ar8035 Firmware, Cologne and 512 more 2026-05-06 6.5 Medium
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
CVE-2025-47406 1 Qualcomm 63 Cologne, Cologne Firmware, Fastconnect 6700 and 60 more 2026-05-06 6.1 Medium
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
CVE-2026-34059 1 Apache 1 Http Server 2026-05-04 7.5 High
Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
CVE-2026-6532 1 Wireshark 1 Wireshark 2026-05-01 5.5 Medium
Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-5772 1 Wolfssl 1 Wolfssl 2026-04-29 5.3 Medium
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.
CVE-2026-41898 1 Rust-openssl Project 1 Rust-openssl 2026-04-28 9.8 Critical
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.
CVE-2026-26155 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-24 6.5 Medium
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2026-0930 2 Wolfssh, Wolfssl 2 Wolfssh, Wolfssh 2026-04-24 4.3 Medium
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
CVE-2026-26169 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-24 6.1 Medium
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.