VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 110 of 124
  • CVE-2026-56370lowApr 14, 2026
    risk 0.07cvss epss 0.00

    When the `connected-components:*` define specifies an invalid index and out of bound operation will result in an access violation.

  • CVE-2024-32482LowApr 23, 2024
    risk 0.07cvss 2.2epss 0.00

    The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client…

  • CVE-2018-7254HigFeb 19, 2018
    risk 0.04cvss 7.8epss 0.10

    The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

  • CVE-2004-1940Dec 31, 2004
    risk 0.03cvss epss 0.04

    sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read.

  • CVE-2009-2523Nov 11, 2009
    risk 0.02cvss epss 0.26

    The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License…

  • CVE-2018-8139HigMay 9, 2018
    risk 0.01cvss 7.5epss 0.67

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945,…

  • CVE-2007-3847Aug 23, 2007
    risk 0.01cvss epss 0.13

    The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

  • CVE-2004-0112Nov 23, 2004
    risk 0.01cvss epss 0.10

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…

  • CVE-2026-54500Jun 19, 2026
    risk 0.00cvss epss

    ### Summary `Oj.load` in `:object` mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. ### Details In…

  • CVE-2026-55093Jun 18, 2026
    risk 0.00cvss epss

    - **Component:** `tract-nnef` (`nnef/src/tensors.rs::read_tensor`) + `tract-data` (`data/src/tensor.rs`) - **Affected versions:** `< 0.21.16`, `0.22.0`–`0.22.2`, `0.23.0`–`0.23.1` — the dense `DatLoader` path was unguarded across all three release lines; patched in 0.21.16…

  • CVE-2026-12568Jun 17, 2026
    risk 0.00cvss epss 0.00

    The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory,…

  • CVE-2026-33817Apr 6, 2026
    risk 0.00cvss epss

    Rejected reason: CVE confirmed to be a false positive

  • CVE-2026-33669Mar 26, 2026
    risk 0.00cvss epss 0.01

    SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue.

  • CVE-2026-33183Mar 26, 2026
    risk 0.00cvss epss 0.01

    Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or…

  • CVE-2026-32320Mar 12, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An…

  • CVE-2026-32319Mar 12, 2026
    risk 0.00cvss epss 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service…

  • CVE-2026-30935Mar 9, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an…

  • CVE-2026-28693Mar 9, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

  • CVE-2026-28692Mar 9, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16…

  • CVE-2026-27798Feb 25, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions…