CWE-125— Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
8,186 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-125page 124 of 164
- CVE-2024-43082MEDIUMCVSS 5.5EG 5.52024-11-13
In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no…
- CVE-2024-43110HIGHCVSS 8.8EG 8.42024-09-05
The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the …
- CVE-2024-43424HIGHCVSS 7.5EG 7.52024-10-25
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.
- CVE-2024-43449MEDIUMCVSS 6.8EG 6.82024-11-12
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- CVE-2024-43508MEDIUMCVSS 5.5EG 5.52024-10-08
Windows Graphics Component Information Disclosure Vulnerability
- CVE-2024-43534MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Graphics Component Information Disclosure Vulnerability
- CVE-2024-43537MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43538MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43540MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43542MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43555MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43557MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43558MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43561MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43562HIGHCVSS 7.5EG 7.52024-10-08
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- CVE-2024-43565HIGHCVSS 7.5EG 7.52024-10-08
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- CVE-2024-43634MEDIUMCVSS 6.8EG 6.82024-11-12
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- CVE-2024-43637MEDIUMCVSS 6.8EG 6.82024-11-12
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- CVE-2024-43638MEDIUMCVSS 6.8EG 6.82024-11-12
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- CVE-2024-43643MEDIUMCVSS 6.8EG 6.82024-11-12
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
- CVE-2024-43644HIGHCVSS 7.8EG 7.82024-11-12
Windows Client-Side Caching Elevation of Privilege Vulnerability
- CVE-2024-43877HIGHCVSS 7.1EG 7.12024-08-21
In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used to access 'dma->SGarray[dma->SG_length - 1]', which wil…
- CVE-2024-43878HIGHCVSS 7.1EG 7.12024-08-21
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow path KASAN report error. Fix this error. west login: [ 52.987278] eth1: r…
- CVE-2024-44134MEDIUMCVSS 5.5EG 5.52024-09-17
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.
- CVE-2024-44161MEDIUMCVSS 5.5EG 5.52024-09-17
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Processing a maliciously crafted texture may lead to unexpected app termination.
- CVE-2024-44199HIGHCVSS 7.1EG 7.12025-03-21
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory.
- CVE-2024-44236MEDIUMCVSS 5.5EG 6.52024-10-28
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Processing a maliciously crafted file may lead to unexpected app termination.
- CVE-2024-44237MEDIUMCVSS 5.5EG 6.52024-10-28
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Processing a maliciously crafted file may lead to unexpected app termination.
- CVE-2024-44246MEDIUMCVSS 5.3EG 4.32024-12-12
The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private Relay enabled, adding a website to the S…
- CVE-2024-44279MEDIUMCVSS 5.5EG 6.52024-10-28
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Parsing a file may lead to disclosure of user information.
- CVE-2024-44281MEDIUMCVSS 5.5EG 5.52024-10-28
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Parsing a file may lead to disclosure of user information.
- CVE-2024-44282MEDIUMCVSS 5.5EG 6.52024-10-28
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watc…
- CVE-2024-44283MEDIUMCVSS 5.5EG 6.52024-10-28
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Parsing a maliciously crafted file may lead to an unexpected app termination.
- CVE-2024-44460HIGHCVSS 7.5EG 7.52024-09-12
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
- CVE-2024-44910HIGHCVSS 7.5EG 7.52024-09-27
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c).
- CVE-2024-44911HIGHCVSS 7.5EG 7.52024-09-27
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c).
- CVE-2024-44912HIGHCVSS 7.5EG 7.52024-09-27
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c).
- CVE-2024-44993HIGHCVSS 7.1EG 7.12024-09-04
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` When enabling UBSAN on Raspberry Pi 5, we get the following warning: [ 387.894977] UBSAN: array-index-out-of-bou…
- CVE-2024-45070MEDIUMCVSS 5.5EG 5.52025-01-07
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
- CVE-2024-45111MEDIUMCVSS 5.5EG 5.52024-09-13
Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploita…
- CVE-2024-45145MEDIUMCVSS 5.5EG 5.52024-10-09
Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as A…
- CVE-2024-45147MEDIUMCVSS 5.5EG 5.52024-11-12
Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitatio…
- CVE-2024-45182MEDIUMCVSS 5.5EG 5.52024-09-12
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.
- CVE-2024-45463HIGHCVSS 7.8EG 7.82024-10-08
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim…
- CVE-2024-45464HIGHCVSS 7.8EG 7.82024-10-08
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim…
- CVE-2024-45465HIGHCVSS 7.8EG 7.82024-10-08
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim…
- CVE-2024-45466HIGHCVSS 7.8EG 7.82024-10-08
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim…
- CVE-2024-45520HIGHCVSS 7.5EG 7.52024-12-01
WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a remote Denial of Service because of memory corruption during scanning of a PE32 file.
- CVE-2024-45546HIGHCVSS 7.8EG 7.82025-01-06
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
- CVE-2024-45548HIGHCVSS 7.8EG 7.82025-01-06
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.
Map vulnerabilities like CWE-125 to your infrastructure
EchelonGraph correlates every CVE — across CWE-125 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →