Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

An out-of-bounds read vulnerability exists in the cv_send_blockdata 
functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted 
ControlVault API call can lead to an information leak. An attacker can 
issue an API call to trigger this vulnerability.

CVE-2025-24311 is a high-severity out-of-bounds read vulnerability (CWE-125) affecting the Broadcom BCM5820X component, specifically within the Dell ControlVault3 and ControlVault3 Plus products. The vulnerability resides in the cv_send_blockdata functionality, where a specially crafted API call to the ControlVault interface can trigger an out-of-bounds read condition. This flaw allows an attacker with limited privileges (local access with low privileges) to cause an information leak by reading memory outside the intended buffer boundaries. The vulnerability does not require user interaction but does require local access and some level of privilege, as indicated by the CVSS vector (AV:L/AC:L/PR:L/UI:N). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component, potentially impacting confidentiality (C:H) and availability (A:H), but not integrity (I:N). The vulnerability is present in versions prior to Dell ControlVault3 5.15.10.14 and ControlVault3 Plus 6.2.26.36. No known exploits are currently in the wild, and no patches have been linked yet. The Dell ControlVault3 is a security subsystem embedded in Dell devices, often used for cryptographic operations and secure key storage, leveraging the Broadcom BCM5820X chip. An attacker exploiting this vulnerability could leak sensitive information from the secure enclave or memory regions, potentially exposing cryptographic keys or other confidential data, and could also cause denial of service conditions due to the out-of-bounds read impacting availability. The vulnerability's exploitation requires local access, which limits remote exploitation but remains critical in environments where attackers can gain local foothold or where multi-user systems are deployed. Given the strategic role of ControlVault in device security, this vulnerability poses a significant risk to the confidentiality and availability of protected data on affected Dell hardware.

Detailed information about CVE-2025-24311: CWE-125 Out-of-bounds Read in Broadcom BCM5820X affecting Broadcom BCM5820X. Get real-time updates, technical details

CVE-2025-24311: CWE-125 Out-of-bounds Read in Broadcom BCM5820X - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-24311: CWE-125 Out-of-bounds Read in Broadcom BCM5820X

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines – Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.

CVE-2025-49133 is an out-of-bounds (OOB) read vulnerability identified in the libtpms library, which is used to integrate TPM (Trusted Platform Module) functionality into hypervisors, notably QEMU. Libtpms is derived from the TPM 2.0 reference implementation by the Trusted Computing Group (TCG). The vulnerability specifically arises in the CryptHmacSign function, located in the CryptUtil.c source file, when there is an inconsistent pairing between the signKey and signScheme parameters. The flaw occurs if the signKey is of type ALG_KEYEDHASH while the signScheme is an ECC or RSA scheme. This mismatch leads to an out-of-bounds read condition. The vulnerability can be triggered by user-mode applications that send crafted commands to a TPM 2.0 or virtual TPM (vTPM) instance, such as swtpm, which is based on the affected TCG reference implementation. When exploited, the out-of-bounds read causes the libtpms process to abort, resulting in the unavailability of the vTPM device to the virtual machine relying on it. This effectively causes a denial-of-service (DoS) condition for the VM's TPM functionality. The vulnerability affects specific versions of libtpms: 0.7.11, 0.8.9, 0.9.6, and 0.10.0. It has been addressed in subsequent patches in versions 0.7.12, 0.8.10, 0.9.7, and 0.10.1. The CVSS 3.1 base score is 5.9 (medium severity), reflecting a local attack vector requiring low privileges and user interaction, with no impact on confidentiality or integrity but a high impact on availability. There are no known exploits in the wild at the time of publication.

Detailed information about CVE-2025-49133: CWE-125: Out-of-bounds Read in stefanberger libtpms affecting stefanberger libtpms. Get real-time updates, technical 

CVE-2025-49133: CWE-125: Out-of-bounds Read in stefanberger libtpms - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-49133: CWE-125: Out-of-bounds Read in stefanberger libtpms

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-47112 is an out-of-bounds read vulnerability (CWE-125) affecting multiple versions of Adobe Acrobat Reader, specifically versions 24.001.30235, 20.005.30763, 25.001.20521, and earlier. This vulnerability allows an attacker to read memory beyond the intended buffer boundaries, potentially leading to the disclosure of sensitive information stored in memory. Such information could include cryptographic keys, user credentials, or other sensitive data that resides in the process memory space. The vulnerability can be leveraged to bypass security mitigations like Address Space Layout Randomization (ASLR), which is designed to prevent attackers from reliably predicting memory addresses. Exploitation requires user interaction, specifically that the victim opens a maliciously crafted PDF file using the vulnerable Acrobat Reader version. The attack vector is local (AV:L), meaning the attacker must have the ability to deliver the malicious file to the victim, but no privileges are required (PR:N). The attack complexity is low (AC:L), and the vulnerability does not affect integrity or availability, only confidentiality (C:H/I:N/A:N). There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The CVSS v3.1 base score is 5.5, indicating a medium severity level. This vulnerability is significant because Acrobat Reader is widely used across enterprises and individuals, and PDF files are a common vector for delivering malicious content. The ability to bypass ASLR can facilitate further exploitation chains, increasing the risk of more severe attacks if combined with other vulnerabilities.

Detailed information about CVE-2025-47112: Out-of-bounds Read (CWE-125) in Adobe Acrobat Reader affecting Adobe Acrobat Reader. Get real-time updates, technical

CVE-2025-47112: Out-of-bounds Read (CWE-125) in Adobe Acrobat Reader - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-47112: Out-of-bounds Read (CWE-125) in Adobe Acrobat Reader

CVE-2025-43578 is an out-of-bounds read vulnerability (CWE-125) affecting multiple versions of Adobe Acrobat Reader, including versions 24.001.30235, 20.005.30763, 25.001.20521, and earlier. This vulnerability allows an attacker to read memory outside the intended buffer boundaries, potentially disclosing sensitive information stored in memory. Such information disclosure can aid attackers in bypassing security mitigations like Address Space Layout Randomization (ASLR), which is designed to prevent exploitation of memory corruption vulnerabilities by randomizing memory addresses. The exploitation requires user interaction, specifically the victim opening a crafted malicious PDF file. The vulnerability does not allow direct code execution or system compromise but can be leveraged as a stepping stone in a multi-stage attack chain. The CVSS v3.1 base score is 5.5 (medium severity), reflecting that the attack vector is local (requires user interaction), with low attack complexity, no privileges required, and impacts confidentiality but not integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may rely on vendor updates or workarounds once available. Given the widespread use of Adobe Acrobat Reader in enterprise and consumer environments, this vulnerability poses a moderate risk, especially in environments where users frequently open PDF documents from untrusted sources.

Detailed information about CVE-2025-43578: Out-of-bounds Read (CWE-125) in Adobe Acrobat Reader affecting Adobe Acrobat Reader. Get real-time updates, technical

CVE-2025-43578: Out-of-bounds Read (CWE-125) in Adobe Acrobat Reader - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-43578: Out-of-bounds Read (CWE-125) in Adobe Acrobat Reader

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVE-2021-3998 is a high-severity vulnerability identified in the GNU C Library (glibc), specifically affecting versions 2.33 and above. The flaw resides in the realpath() function, which is designed to resolve all symbolic links, extra '/' characters, and references to /./ and /../ in the path to produce a canonicalized absolute pathname. Due to an out-of-bounds read condition (classified under CWE-125), realpath() can return unexpected values, potentially leaking sensitive information from memory. This vulnerability arises because the function may read beyond the intended buffer boundaries when processing certain malformed input paths, leading to disclosure of data that should remain confidential. The vulnerability does not require any privileges (PR:N), user interaction (UI:N), or authentication, and can be exploited remotely over the network (AV:N) without any complexity (AC:L). The impact is limited to confidentiality, with no effect on integrity or availability. No known exploits have been reported in the wild to date, but the high CVSS score of 7.5 reflects the significant risk posed by this flaw, especially in environments where glibc is widely used. Since glibc is a core component of most Linux distributions, this vulnerability potentially affects a broad range of applications and services that rely on it for path resolution, including web servers, network services, and system utilities. The flaw could be leveraged by attackers to extract sensitive information from memory, which might include cryptographic keys, passwords, or other confidential data, depending on the context of the vulnerable application’s memory layout. Given the fundamental nature of glibc in Linux systems, the vulnerability has a wide scope and could impact many systems if exploited.

Detailed information about CVE-2021-3998: CWE-125 - Out-of-bounds Read in glibc affecting n/a glibc. Get real-time updates, technical details, and mitigation st

CVE-2021-3998: CWE-125 - Out-of-bounds Read in glibc - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2021-3998: CWE-125 - Out-of-bounds Read in glibc

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

CVE-2018-16866 is a medium-severity vulnerability affecting the systemd project, specifically the systemd-journald component responsible for logging on Linux systems. The flaw is an out-of-bounds read (CWE-125) that occurs during the parsing of log messages that end with a colon ':'. This parsing error allows a local attacker to read portions of process memory that should not be accessible, resulting in an information disclosure vulnerability (CWE-200). The affected versions of systemd range from v221 to v239. Exploitation requires local access to the system, as the attacker must be able to submit crafted log messages to systemd-journald. There is no requirement for user interaction or elevated privileges, and the vulnerability does not impact integrity or availability, only confidentiality. The CVSS v3.0 base score is 4.3, reflecting a medium severity level with an attack vector of adjacent (local) access, low attack complexity, no privileges required, and no user interaction. No known public exploits have been reported in the wild, and no official patches are linked in the provided data, though it is likely that later systemd versions have addressed this issue. The vulnerability is rooted in improper bounds checking during log message parsing, which can lead to reading unintended memory areas and leaking sensitive information such as process data or potentially credentials stored in memory buffers. Since systemd is a core component of many Linux distributions, this vulnerability affects a wide range of systems, particularly servers and workstations running vulnerable versions of systemd-journald. The impact is limited to local attackers with access to the system, but the information disclosed could aid in further attacks or privilege escalation if combined with other vulnerabilities or misconfigurations.

Detailed information about CVE-2018-16866: CWE-125 in The systemd Project systemd affecting The systemd Project systemd. Get real-time updates, technical detail

CVE-2018-16866: CWE-125 in The systemd Project systemd - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2018-16866: CWE-125 in The systemd Project systemd

Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue.
This issue affects Endpoint DLP version below R119.

CVE-2024-11616 is a medium-severity security vulnerability affecting Netskope Inc.'s Endpoint Data Loss Prevention (DLP) product, specifically versions below R119 (notably version 118.0.0). The vulnerability is classified as a CWE-125 Out-of-bounds Read caused by a double-fetch issue within the Content Control Driver component. The root cause lies in the EpdlpSetUsbAction function, where two critical parameters—NumberOfBytes for ExAllocatePoolWithTag and Length for RtlCopyMemory—are independently dereferenced from the same user-supplied input buffer. Because these values are fetched twice without synchronization, an attacker with administrative privileges can manipulate the length value between the two fetches. This manipulation can cause RtlCopyMemory to copy data beyond the allocated heap buffer, resulting in a heap overflow condition. Heap overflows can lead to memory corruption, potentially allowing attackers to execute arbitrary code, cause denial of service, or escalate privileges within the system. However, exploitation requires high privileges (admin) and no user interaction, with a high attack complexity and no network vector, as indicated by the CVSS 4.0 vector (AV:L/AC:H/PR:H/UI:N). There are no known exploits in the wild at the time of publication (December 19, 2024), and no official patches have been linked yet. The vulnerability affects the confidentiality, integrity, and availability of systems running vulnerable versions of Netskope Endpoint DLP, particularly in environments where USB device control is enforced via the EpdlpSetUsbAction function.

Detailed information about CVE-2024-11616: CWE-125 Out-of-bounds Read in Netskope Inc. Endpoint DLP affecting Netskope Inc. Endpoint DLP. Get real-time updates,

CVE-2024-11616: CWE-125 Out-of-bounds Read in Netskope Inc. Endpoint DLP - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-11616: CWE-125 Out-of-bounds Read in Netskope Inc. Endpoint DLP

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2023-47050 is an out-of-bounds read vulnerability (CWE-125) affecting Adobe Audition versions 24.0 and earlier, as well as 23.6.1 and earlier. The flaw occurs during the parsing of a specially crafted file, where the software reads beyond the allocated memory buffer. This memory corruption can be exploited by an attacker to execute arbitrary code within the security context of the current user. Successful exploitation requires user interaction, specifically the victim opening a maliciously crafted audio file in Adobe Audition. The vulnerability does not require prior authentication or elevated privileges, but the attacker must convince the user to open the file. The CVSS 3.1 base score is 5.5 (medium severity), with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N indicating local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high impact on confidentiality, and no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability poses a risk primarily to users who handle untrusted audio files in Adobe Audition, potentially leading to unauthorized disclosure of sensitive information or further code execution capabilities if chained with other vulnerabilities.

Detailed information about CVE-2023-47050: Out-of-bounds Read (CWE-125) in Adobe Audition affecting Adobe Audition. Get real-time updates, technical details, an

CVE-2023-47050: Out-of-bounds Read (CWE-125) in Adobe Audition - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2023-47050: Out-of-bounds Read (CWE-125) in Adobe Audition

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-47105 is an out-of-bounds read vulnerability (CWE-125) affecting Adobe InDesign Desktop versions ID20.2, ID19.5.3, and earlier. This vulnerability arises when the software improperly handles memory boundaries, allowing an attacker to read memory locations outside the intended buffer. The consequence of this flaw is the potential disclosure of sensitive memory contents, which could include sensitive data or pointers that aid in bypassing security mitigations such as Address Space Layout Randomization (ASLR). Exploitation requires user interaction, specifically the victim opening a maliciously crafted InDesign file. The vulnerability does not allow direct code execution or modification of data but can be leveraged as a stepping stone in a multi-stage attack by revealing memory layout information. The CVSS v3.1 base score is 5.5 (medium severity), with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N), and no availability impact (A:N). There are no known exploits in the wild at the time of publication, and no patches have been linked yet. This vulnerability specifically targets Adobe InDesign Desktop, a widely used desktop publishing software in creative industries and marketing sectors.

Detailed information about CVE-2025-47105: Out-of-bounds Read (CWE-125) in Adobe InDesign Desktop affecting Adobe InDesign Desktop. Get real-time updates, techn

CVE-2025-47105: Out-of-bounds Read (CWE-125) in Adobe InDesign Desktop - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-47105: Out-of-bounds Read (CWE-125) in Adobe InDesign Desktop

CVE-2025-47104 is an out-of-bounds read vulnerability (CWE-125) affecting Adobe InDesign Desktop versions ID20.2, ID19.5.3, and earlier. This vulnerability arises when the software improperly handles memory bounds during processing of certain input data, leading to the potential disclosure of sensitive memory contents. An attacker can exploit this flaw by crafting a malicious InDesign file that, when opened by a user, triggers the out-of-bounds read. The vulnerability does not directly allow code execution or system compromise but can be leveraged to bypass security mitigations such as Address Space Layout Randomization (ASLR) by revealing memory layout information. This can facilitate subsequent exploitation chains. Exploitation requires user interaction, specifically opening a malicious file, and no privileges or authentication are needed. The CVSS v3.1 base score is 5.5 (medium severity), reflecting a local attack vector with low complexity, no privileges required, but requiring user interaction. The impact is primarily on confidentiality, with no direct impact on integrity or availability. Currently, there are no known exploits in the wild and no patches publicly available at the time of this report. Given Adobe InDesign's widespread use in creative industries, publishing, and marketing sectors, this vulnerability poses a risk of sensitive information leakage that could aid attackers in further targeted attacks.

Detailed information about CVE-2025-47104: Out-of-bounds Read (CWE-125) in Adobe InDesign Desktop affecting Adobe InDesign Desktop. Get real-time updates, techn

Title	Severity	Type	Source	Date

Threats Tagged 'cwe-125'

Filter Threats

Threats Tagged 'cwe-125'