CWE-126— Buffer Over-read

Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

Information disclosure may occur while decoding the RTP packet with invalid header extension from network.

Information disclosure may occur while processing goodbye RTCP packet from network.

Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.

libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX…

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, cau…

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect ap…

A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving a IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using I…

pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement ha…

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local e…

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Memory corruption while processing escape code in API.

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.

Transient DOS may occur while parsing EHT operation IE or EHT capability IE.

Transient DOS may occur while parsing extended IE in beacon.

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

Transient DOS may occur while parsing SSID in action frames.

Transient DOS may occur while processing malformed length field in SSID IEs.

Transient DOS while processing received beacon frame.

Information disclosure while opening a fastrpc session when domain is not sanitized.

Transient DOS while parsing per STA profile in ML IE.

Transient DOS while processing the EHT operation IE in the received beacon frame.

Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.

information disclosure while invoking calibration data from user space to update firmware size.

Information disclosure while running video usecase having rogue firmware.

Information disclosure when Video engine escape input data is less than expected minimum size.

Transient DOS while processing video packets received from video firmware.

Information disclosure while processing batch command execution in Video driver.

Transient DOS while processing IOCTL call for image encoding.

Memory corruption during the image encoding process.

Transient DOS while handling beacon frames with invalid IE header length.

Information disclosure while registering commands from clients with diag through diagHal.