CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53150 – ALSA: usb-audio: Fix out of bounds reads when finding clock sources
https://notcve.org/view.php?id=CVE-2024-53150
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of... • https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11614 – Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library
https://notcve.org/view.php?id=CVE-2024-11614
18 Dec 2024 — An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. ... Issues addressed include a denial of service vulnerability. • https://access.redhat.com/security/cve/CVE-2024-11614 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47602 – GHSL-2024-250: Streamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47602
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. ... An attacker c... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2017-17772 – Multiple buffer overread vulnerabilities in WLAN
https://notcve.org/view.php?id=CVE-2017-17772
26 Nov 2024 — In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9371
https://notcve.org/view.php?id=CVE-2018-9371
19 Nov 2024 — In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-9143 – Low-level invalid GF(2^m) parameters lead to OOB memory access
https://notcve.org/view.php?id=CVE-2024-9143
16 Oct 2024 — Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. ... Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote co... • https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48805 – net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
https://notcve.org/view.php?id=CVE-2022-48805
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds, causing OOB reads and (on big-endian systems) OOB endianness flips. In the Linux kernel, the followin... • https://git.kernel.org/stable/c/e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3855
https://notcve.org/view.php?id=CVE-2024-3855
16 Apr 2024 — In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. • https://bugzilla.mozilla.org/show_bug.cgi?id=1885828 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3854 – Mozilla: Out-of-bounds-read after mis-optimized switch statement
https://notcve.org/view.php?id=CVE-2024-3854
16 Apr 2024 — In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. ... The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. • https://bugzilla.mozilla.org/show_bug.cgi?id=1884552 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2024-31082 – Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap
https://notcve.org/view.php?id=CVE-2024-31082
04 Apr 2024 — Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. • http://www.openwall.com/lists/oss-security/2024/04/03/13 • CWE-126: Buffer Over-read •