CWE-125— Out-of-bounds Read
7,810 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-125page 67 of 157
- CVE-2021-3947MEDIUMCVSS 5.5EG 5.52022-02-18
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclo…
- CVE-2021-39637MEDIUMCVSS 4.4EG 4.42021-12-15
In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction …
- CVE-2021-39657MEDIUMCVSS 4.4EG 4.42021-12-15
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed fo…
- CVE-2021-39664MEDIUMCVSS 5.5EG 5.52022-02-11
In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User i…
- CVE-2021-39666MEDIUMCVSS 5.5EG 5.52022-02-11
In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for e…
- CVE-2021-39677HIGHCVSS 7.5EG 7.52022-02-11
In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028
- CVE-2021-39687MEDIUMCVSS 5.5EG 5.52022-02-11
In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no…
- CVE-2021-39688MEDIUMCVSS 5.5EG 5.52022-02-11
In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And…
- CVE-2021-39711MEDIUMCVSS 4.4EG 4.42022-03-16
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploit…
- CVE-2021-39717MEDIUMCVSS 4.4EG 4.42022-03-16
In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for e…
- CVE-2021-39722MEDIUMCVSS 4.4EG 4.42022-03-16
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User i…
- CVE-2021-39724MEDIUMCVSS 4.4EG 4.42022-03-16
In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interac…
- CVE-2021-39726HIGHCVSS 7.5EG 7.52022-03-16
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for expl…
- CVE-2021-39730MEDIUMCVSS 4.4EG 4.42022-03-16
In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidV…
- CVE-2021-39762HIGHCVSS 7.5EG 7.52022-03-30
In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Androi…
- CVE-2021-39774MEDIUMCVSS 5.5EG 5.52022-03-30
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android…
- CVE-2021-39803MEDIUMCVSS 6.5EG 6.52022-04-12
In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Pr…
- CVE-2021-39805MEDIUMCVSS 6.5EG 6.52022-04-12
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interact…
- CVE-2021-39809HIGHCVSS 7.5EG 7.52022-04-12
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not…
- CVE-2021-39821HIGHCVSS 7.8EG 7.82021-09-29
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires …
- CVE-2021-39833LOWCVSS 3.3EG 3.32021-09-29
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabil…
- CVE-2021-39834LOWCVSS 3.3EG 3.32021-09-29
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabil…
- CVE-2021-39844LOWCVSS 3.3EG 3.32021-09-29
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the…
- CVE-2021-39858LOWCVSS 3.3EG 3.32021-09-29
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the…
- CVE-2021-39861MEDIUMCVSS 5.5EG 5.52021-09-29
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the…
- CVE-2021-39862LOWCVSS 3.3EG 3.32021-09-29
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabil…
- CVE-2021-39865LOWCVSS 3.3EG 3.32021-09-29
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabil…
- CVE-2021-39974HIGHCVSS 7.5EG 7.52022-01-03
There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2021-3998HIGHCVSS 7.5EG 7.52022-08-24
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
- CVE-2021-39984HIGHCVSS 7.5EG 7.52022-01-03
Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerability may cause Denial of Service.
- CVE-2021-39995MEDIUMCVSS 6.5EG 6.52021-11-29
Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: …
- CVE-2021-40019CRITICALCVSS 9.1EG 9.12022-09-16
Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.
- CVE-2021-40020HIGHCVSS 7.5EG 7.52022-01-10
There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2021-40050CRITICALCVSS 9.8EG 9.82022-03-10
There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.
- CVE-2021-40154MEDIUMCVSS 6.1EG 6.12021-12-01
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
- CVE-2021-40155HIGHCVSS 7.8EG 7.82021-09-15
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
- CVE-2021-40158HIGHCVSS 7.8EG 7.82022-01-25
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead …
- CVE-2021-40160HIGHCVSS 7.8EG 7.82021-12-23
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
- CVE-2021-40162HIGHCVSS 7.8EG 7.82022-10-07
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbi…
- CVE-2021-40167HIGHCVSS 7.8EG 7.82022-01-25
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code…
- CVE-2021-4034HIGHCVSS 7.8EG 9.0⚠ KEV2022-01-28
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current ve…
- CVE-2021-40400HIGHCVSS 7.5EG 7.52022-04-14
An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead t…
- CVE-2021-40402HIGHCVSS 7.5EG 7.52022-04-14
An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to info…
- CVE-2021-40424MEDIUMCVSS 6.5EG 6.52022-04-14
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.…
- CVE-2021-40425MEDIUMCVSS 6.5EG 6.52022-04-14
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.…
- CVE-2021-4048CRITICALCVSS 9.1EG 9.12021-12-08
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an ap…
- CVE-2021-40516HIGHCVSS 7.5EG 7.52021-09-05
WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.
- CVE-2021-40606MEDIUMCVSS 5.5EG 5.52022-06-28
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- CVE-2021-40697LOWCVSS 3.3EG 3.32021-09-29
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabil…
- CVE-2021-40716MEDIUMCVSS 5.5EG 5.52021-09-29
XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploit…
Map vulnerabilities like CWE-125 to your infrastructure
EchelonGraph correlates every CVE — across CWE-125 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →