VYPR

CWE-125

Out-of-bounds Read

Base · Draft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 21 of 124
  • CVE-2026-20751 · High · May 12, 2026
    risk 0.54 · cvss · epss 0.00

    Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data…

  • CVE-2025-12056 · High · Nov 19, 2025
    risk 0.54 · cvss · epss 0.00

    Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers.

  • CVE-2018-12827 · High · Aug 29, 2018
    risk 0.54 · cvss 7.5 · epss 0.32

    Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-1303 · High · Mar 26, 2018
    risk 0.54 · cvss 7.5 · epss 0.71

    A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The…

  • CVE-2018-7182 · High · Mar 6, 2018
    risk 0.54 · cvss 7.5 · epss 0.30

    The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

  • CVE-2017-13875 · High · Dec 25, 2017
    risk 0.54 · cvss 7.8 · epss 0.04

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted…

  • CVE-2017-16642 · High · Nov 7, 2017
    risk 0.54 · cvss 7.5 · epss 0.26

    In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to…

  • CVE-2016-9050 · High · Jan 26, 2017
    risk 0.54 · cvss 8.2 · epss 0.03

    An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can…

  • CVE-2016-1823 · High · May 20, 2016
    risk 0.54 · cvss 7.8 · epss 0.05

    The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption)…

  • CVE-2015-8397 · High · Jan 12, 2016
    risk 0.54 · cvss 8.2 · epss 0.04

    The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded…

  • CVE-2026-54413 · High · Jun 14, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess() function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer…

  • CVE-2026-54412 · High · Jun 14, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response() function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an…

  • CVE-2026-44822 · High · Jun 9, 2026
    risk 0.53 · cvss 8.2 · epss 0.01

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-11111 · High · Jun 4, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11015 · High · Jun 4, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Out of bounds read in WebGPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10930 · High · Jun 4, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Out of bounds read in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-45615 · High · May 29, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsing a maliciously crafted, zero-length OER payload for a variable-length,…

  • CVE-2026-48132 · High · May 26, 2026
    risk 0.53 · cvss 8.1 · epss 0.02

    The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary…

  • CVE-2026-41071 · High · May 22, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the…

  • CVE-2026-8092 · High · May 7, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was…