Filtered by CWE-125
Total 8024 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-49099 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-05-13 4.3 Medium
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2024-49098 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-05-13 4.3 Medium
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2024-49092 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-05-13 6.8 Medium
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-39720 1 Ollama 1 Ollama 2025-05-13 8.2 High
An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation).
CVE-2024-12055 1 Ollama 1 Ollama 2025-05-13 7.5 High
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.
CVE-2025-4098 2025-05-12 N/A
Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape.
CVE-2025-4082 1 Mozilla 2 Firefox, Thunderbird 2025-05-09 5.9 Medium
Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-4087 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2025-05-09 6.5 Medium
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-46591 1 Huawei 1 Harmonyos 2025-05-09 6.2 Medium
Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45568 1 Qualcomm 26 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 23 more 2025-05-09 6.7 Medium
Memory corruption due to improper bounds check while command handling in camera-kernel driver.
CVE-2024-49846 1 Qualcomm 62 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 59 more 2025-05-09 8.2 High
Memory corruption while decoding of OTA messages from T3448 IE.
CVE-2024-49847 1 Qualcomm 94 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 91 more 2025-05-09 7.5 High
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
CVE-2025-21459 1 Qualcomm 248 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 245 more 2025-05-09 7.5 High
Transient DOS while parsing per STA profile in ML IE.
CVE-2025-21475 1 Qualcomm 80 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 77 more 2025-05-09 7.8 High
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value.
CVE-2024-21311 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-05-09 5.5 Medium
Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2024-24923 1 Siemens 1 Simcenter Femap 2025-05-09 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055)
CVE-2024-23802 1 Siemens 1 Tecnomatix Plant Simulation 2025-05-09 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
CVE-2022-25736 1 Qualcomm 486 Aqt1000, Aqt1000 Firmware, Ar8031 and 483 more 2025-05-09 7.5 High
Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2022-25719 1 Qualcomm 236 Apq8009, Apq8009 Firmware, Apq8009w and 233 more 2025-05-09 8.2 High
Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2022-43043 1 Gpac 1 Gpac 2025-05-09 5.5 Medium
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.