CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-125

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2023-22485 125 2023-01-24 2023-01-24
0.0
None ??? ??? ??? ??? ??? ???
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.
2 CVE-2023-21614 125 Bypass 2023-01-18 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
3 CVE-2023-21613 125 Bypass 2023-01-18 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
4 CVE-2023-21603 125 Bypass 2023-01-18 2023-01-25
0.0
None ??? ??? ??? ??? ??? ???
Adobe Dimension version 3.4.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5 CVE-2023-21599 125 Bypass 2023-01-13 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
6 CVE-2023-21592 125 Bypass 2023-01-13 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7 CVE-2023-21591 125 Bypass 2023-01-13 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8 CVE-2023-21585 125 Bypass 2023-01-18 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
9 CVE-2023-21581 125 Bypass 2023-01-18 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10 CVE-2023-0049 125 2023-01-04 2023-01-12
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
11 CVE-2022-47943 125 2022-12-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.
12 CVE-2022-47940 125 2022-12-23 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.
13 CVE-2022-47938 125 2022-12-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.
14 CVE-2022-47881 125 2023-01-18 2023-01-25
0.0
None ??? ??? ??? ??? ??? ???
Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of-Bounds Read vulnerability.
15 CVE-2022-47630 125 +Info 2023-01-16 2023-01-24
0.0
None ??? ??? ??? ??? ??? ???
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
16 CVE-2022-47520 125 2022-12-18 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
17 CVE-2022-46741 125 2022-12-07 2022-12-09
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.
18 CVE-2022-46360 125 Exec Code +Info 2023-01-03 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.
19 CVE-2022-46349 125 Exec Code 2022-12-13 2022-12-15
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19384)
20 CVE-2022-46344 125 Exec Code 2022-12-14 2022-12-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
21 CVE-2022-46320 125 2022-12-20 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.
22 CVE-2022-46317 125 2022-12-20 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.
23 CVE-2022-46149 125 2022-11-30 2022-12-10
0.0
None ??? ??? ??? ??? ??? ???
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.
24 CVE-2022-45909 125 2022-11-26 2022-12-13
0.0
None ??? ??? ??? ??? ??? ???
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request.
25 CVE-2022-45484 125 Exec Code 2022-12-13 2022-12-20
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V13.3 (All versions >= V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.0 (All versions >= V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)
26 CVE-2022-45315 125 Exec Code 2022-12-05 2022-12-07
0.0
None ??? ??? ??? ??? ??? ???
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.
27 CVE-2022-45313 125 Exec Code 2022-12-05 2022-12-07
0.0
None ??? ??? ??? ??? ??? ???
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.
28 CVE-2022-44940 125 2022-12-19 2022-12-27
0.0
None ??? ??? ??? ??? ??? ???
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.
29 CVE-2022-44648 125 Exec Code +Info 2022-12-12 2022-12-13
0.0
None ??? ??? ??? ??? ??? ???
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.
30 CVE-2022-44647 125 Exec Code +Info 2022-12-12 2022-12-13
0.0
None ??? ??? ??? ??? ??? ???
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.
31 CVE-2022-44502 125 Bypass 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
32 CVE-2022-44500 125 Bypass 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
33 CVE-2022-44499 125 Bypass 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
34 CVE-2022-44498 125 Bypass 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
35 CVE-2022-44446 125 DoS 2023-01-04 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
36 CVE-2022-44445 125 DoS 2023-01-04 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
37 CVE-2022-44443 125 DoS 2023-01-04 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
38 CVE-2022-44442 125 DoS 2023-01-04 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
39 CVE-2022-44441 125 DoS 2023-01-04 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
40 CVE-2022-44440 125 DoS 2023-01-04 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
41 CVE-2022-44311 125 DoS 2022-11-08 2022-11-09
0.0
None ??? ??? ??? ??? ??? ???
html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file.
42 CVE-2022-44081 125 2022-10-31 2022-11-01
0.0
None ??? ??? ??? ??? ??? ???
Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail.
43 CVE-2022-43995 125 2022-11-02 2022-12-06
0.0
None ??? ??? ??? ??? ??? ???
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
44 CVE-2022-43596 125 +Info 2022-12-22 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
45 CVE-2022-43592 125 +Info 2022-12-22 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
46 CVE-2022-43359 125 2022-11-07 2022-11-08
0.0
None ??? ??? ??? ??? ??? ???
Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file.
47 CVE-2022-43282 125 2022-10-28 2022-11-01
0.0
None ??? ??? ??? ??? ??? ???
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.
48 CVE-2022-43280 125 2022-10-28 2022-11-01
0.0
None ??? ??? ??? ??? ??? ???
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
49 CVE-2022-42946 125 Exec Code 2022-12-19 2022-12-28
0.0
None ??? ??? ??? ??? ??? ???
Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
50 CVE-2022-42905 125 2022-11-07 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
Total number of vulnerabilities : 4554   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.