CWE-126
Buffer Over-read
Description
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (65)
Page 4 of 4

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-27798 | 0.00 | — | 0.00 | Feb 25, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions… |
| CVE-2023-53159 | 0.00 | — | 0.00 | Jul 28, 2025 | The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. |
| CVE-2025-21176 | 0.00 | — | 0.02 | Jan 14, 2025 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2020-8244 | 0.00 | — | 0.02 | Aug 30, 2020 | A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing… |
| CVE-2019-5432 | 0.00 | — | 0.02 | May 6, 2019 | A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. |