Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

855 vulnerabilities reference this CWE, most recent first.

GHSA-2QX5-723M-Q6MC

Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-07 18:30
VLAI
Details

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-06T07:15:00Z",
    "severity": "LOW"
  },
  "details": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.",
  "id": "GHSA-2qx5-723m-q6mc",
  "modified": "2022-12-07T18:30:27Z",
  "published": "2022-12-06T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42757"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2RW9-G27F-PPP3

Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31
VLAI
Details

Windows Hyper-V Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-13T18:15:14Z",
    "severity": "HIGH"
  },
  "details": "Windows Hyper-V Elevation of Privilege Vulnerability",
  "id": "GHSA-2rw9-g27f-ppp3",
  "modified": "2024-08-13T18:31:16Z",
  "published": "2024-08-13T18:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38127"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38127"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2WW8-PJ73-GX5X

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Information disclosure while handling beacon probe frame during scan entry generation in client side.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T15:15:45Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure while handling beacon probe frame during scan entry generation in client side.",
  "id": "GHSA-2ww8-pj73-gx5x",
  "modified": "2024-08-05T15:30:53Z",
  "published": "2024-08-05T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21467"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2XV6-3VP8-PP7J

Vulnerability from github – Published: 2024-09-02 12:30 – Updated: 2024-09-02 12:30
VLAI
Details

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-02T12:15:14Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.",
  "id": "GHSA-2xv6-3vp8-pp7j",
  "modified": "2024-09-02T12:30:44Z",
  "published": "2024-09-02T12:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23358"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-32X5-WJVF-4C65

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:48Z",
    "severity": "MODERATE"
  },
  "details": "Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.",
  "id": "GHSA-32x5-wjvf-4c65",
  "modified": "2026-07-14T18:32:24Z",
  "published": "2026-07-14T18:32:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50445"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50445"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-33M7-2R3H-JGFX

Vulnerability from github – Published: 2025-03-11 18:32 – Updated: 2025-03-11 18:32
VLAI
Details

Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24992"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T17:16:35Z",
    "severity": "MODERATE"
  },
  "details": "Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.",
  "id": "GHSA-33m7-2r3h-jgfx",
  "modified": "2025-03-11T18:32:18Z",
  "published": "2025-03-11T18:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24992"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24992"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-35QW-H594-MG3J

Vulnerability from github – Published: 2024-05-06 15:30 – Updated: 2024-05-06 15:30
VLAI
Details

Information disclosure while parsing dts header atom in Video.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-06T15:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure while parsing dts header atom in Video.",
  "id": "GHSA-35qw-h594-mg3j",
  "modified": "2024-05-06T15:30:39Z",
  "published": "2024-05-06T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43527"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-35WH-Q52W-78VQ

Vulnerability from github – Published: 2023-08-08 18:30 – Updated: 2024-04-04 06:42
VLAI
Details

Microsoft Message Queuing Denial of Service Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T18:15:22Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Message Queuing Denial of Service Vulnerability",
  "id": "GHSA-35wh-q52w-78vq",
  "modified": "2024-04-04T06:42:41Z",
  "published": "2023-08-08T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38172"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38172"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-367P-MRPH-MGH2

Vulnerability from github – Published: 2023-09-05 09:30 – Updated: 2024-04-04 07:26
VLAI
Details

Information disclosure in Automotive multimedia due to buffer over-read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-05T07:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure in Automotive multimedia due to buffer over-read.",
  "id": "GHSA-367p-mrph-mgh2",
  "modified": "2024-04-04T07:26:30Z",
  "published": "2023-09-05T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33220"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-36W4-5GPX-JW2F

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T15:15:52Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.",
  "id": "GHSA-36w4-5gpx-jw2f",
  "modified": "2024-08-05T15:30:53Z",
  "published": "2024-08-05T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33025"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.