Loading...
Loading...
436 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for de…
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A lo…
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated …
A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-stri…
Windows Kernel Information Disclosure Vulnerability
Information Disclosure while parsing beacon frame in STA.
INformation disclosure while handling Multi-link IE in beacon frame.
Information disclosure while handling SA query action frame.
Information disclosure while handling beacon or probe response frame in STA.
Transient DOS while loading the TA ELF file.
Memory corruption while processing key blob passed by the user.
Information disclosure while handling beacon probe frame during scan entry generation in client side.
Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
Transient DOS during music playback of ALAC content.
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows USB Print Driver Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
An malicious BLE device can crash BLE victim device by sending malformed gatt packet
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation f…
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation f…
A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation …
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
Transient DOS while parsing ESP IE from beacon/probe response frame.
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
Transient DOS while parsing the received TID-to-link mapping action frame.
Transient DOS while processing TID-to-link mapping IE elements.
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.
EchelonGraph correlates every CVE — across CWE-126 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →