CWE-125— Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
8,186 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-125page 112 of 164
- CVE-2024-1669HIGHCVSS 8.8EG 6.52024-02-21
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-1847HIGHCVSS 7.8EG 7.82024-02-28
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings fr…
- CVE-2024-1848HIGHCVSS 7.8EG 7.82024-03-22
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS D…
- CVE-2024-1869HIGHCVSS 7.5EG 7.52024-03-01
Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.
- CVE-2024-20022MEDIUMCVSS 6.7EG 6.72024-03-04
In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0852…
- CVE-2024-20038LOWCVSS 3.4EG 3.42024-03-04
In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0849593…
- CVE-2024-20041MEDIUMCVSS 4.4EG 4.42024-04-01
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; …
- CVE-2024-20045LOWCVSS 2.3EG 2.32024-04-01
In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patc…
- CVE-2024-20055MEDIUMCVSS 6.3EG 6.32024-04-01
In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS0851869…
- CVE-2024-20058MEDIUMCVSS 4.4EG 4.42024-05-06
In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08…
- CVE-2024-20071MEDIUMCVSS 4.4EG 6.62024-06-03
In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WC…
- CVE-2024-20084MEDIUMCVSS 4.4EG 4.42024-09-02
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0894421…
- CVE-2024-20085MEDIUMCVSS 4.4EG 4.42024-09-02
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0894420…
- CVE-2024-20088MEDIUMCVSS 4.4EG 4.42024-09-02
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08…
- CVE-2024-20091MEDIUMCVSS 4.4EG 4.42024-10-07
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313…
- CVE-2024-20093MEDIUMCVSS 4.4EG 4.42024-10-07
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313…
- CVE-2024-20095MEDIUMCVSS 4.4EG 4.42024-10-07
In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894;…
- CVE-2024-20096MEDIUMCVSS 4.4EG 4.42024-10-07
In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900;…
- CVE-2024-20097MEDIUMCVSS 4.4EG 4.42024-10-07
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313…
- CVE-2024-20102MEDIUMCVSS 4.9EG 4.92024-10-07
In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: A…
- CVE-2024-20107MEDIUMCVSS 6.2EG 6.22024-11-04
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS091…
- CVE-2024-20112MEDIUMCVSS 4.4EG 4.42024-11-04
In isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09071481; Issue ID…
- CVE-2024-20116MEDIUMCVSS 4.4EG 4.42024-12-02
In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438…
- CVE-2024-20117MEDIUMCVSS 4.4EG 4.42024-11-04
In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008…
- CVE-2024-20122MEDIUMCVSS 4.4EG 4.42024-11-04
In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008…
- CVE-2024-20123MEDIUMCVSS 4.4EG 4.42024-11-04
In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008…
- CVE-2024-20124MEDIUMCVSS 4.4EG 4.42024-11-04
In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008…
- CVE-2024-20127HIGHCVSS 7.5EG 7.52024-12-02
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS…
- CVE-2024-20128HIGHCVSS 7.5EG 7.52024-12-02
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS…
- CVE-2024-20129HIGHCVSS 7.5EG 7.52024-12-02
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS…
- CVE-2024-20136MEDIUMCVSS 6.2EG 6.22024-12-02
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS091…
- CVE-2024-20138HIGHCVSS 7.5EG 7.52024-12-02
In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch…
- CVE-2024-20290HIGHCVSS 7.5EG 7.52024-02-07
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-stri…
- CVE-2024-20505MEDIUMCVSS 4.0EG 4.02024-09-04
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions co…
- CVE-2024-20653HIGHCVSS 7.8EG 7.82024-01-09
Microsoft Common Log File System Elevation of Privilege Vulnerability
- CVE-2024-20658HIGHCVSS 7.8EG 7.82024-01-09
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
- CVE-2024-20660MEDIUMCVSS 6.5EG 6.52024-01-09
Microsoft Message Queuing Information Disclosure Vulnerability
- CVE-2024-20687HIGHCVSS 7.5EG 7.52024-01-09
Microsoft AllJoyn API Denial of Service Vulnerability
- CVE-2024-20691MEDIUMCVSS 4.7EG 4.72024-01-09
Windows Themes Information Disclosure Vulnerability
- CVE-2024-20710MEDIUMCVSS 5.5EG 5.52024-01-10
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. E…
- CVE-2024-20711MEDIUMCVSS 5.5EG 5.52024-01-10
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. E…
- CVE-2024-20712MEDIUMCVSS 5.5EG 5.52024-01-10
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. E…
- CVE-2024-20713MEDIUMCVSS 5.5EG 5.52024-01-10
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. E…
- CVE-2024-20714MEDIUMCVSS 5.5EG 5.52024-01-10
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. E…
- CVE-2024-20715MEDIUMCVSS 5.5EG 5.52024-01-10
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. E…
- CVE-2024-20722MEDIUMCVSS 5.5EG 5.52024-02-15
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Explo…
- CVE-2024-20724MEDIUMCVSS 5.5EG 5.52024-02-15
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Explo…
- CVE-2024-20725MEDIUMCVSS 5.5EG 5.52024-02-15
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Explo…
- CVE-2024-20735MEDIUMCVSS 5.5EG 5.52024-02-15
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such …
- CVE-2024-20736MEDIUMCVSS 5.5EG 5.52024-02-15
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such …
Map vulnerabilities like CWE-125 to your infrastructure
EchelonGraph correlates every CVE — across CWE-125 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →