CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-86FG-3XM6-CMJ3
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-59192"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:15:58Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-86fg-3xm6-cmj3",
"modified": "2025-10-14T18:30:33Z",
"published": "2025-10-14T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59192"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-86P8-QV4V-VV9R
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Windows Remote Access Connection Manager Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-28901"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:48Z",
"severity": "MODERATE"
},
"details": "Windows Remote Access Connection Manager Information Disclosure Vulnerability",
"id": "GHSA-86p8-qv4v-vv9r",
"modified": "2024-04-09T18:30:26Z",
"published": "2024-04-09T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28901"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28901"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-88CQ-675J-RM8V
Vulnerability from github – Published: 2024-05-06 15:30 – Updated: 2024-05-06 15:30Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
{
"affected": [],
"aliases": [
"CVE-2024-21477"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-06T15:15:22Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.",
"id": "GHSA-88cq-675j-rm8v",
"modified": "2024-05-06T15:30:39Z",
"published": "2024-05-06T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21477"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8943-R5M9-8C43
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-50341"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:33Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.",
"id": "GHSA-8943-r5m9-8c43",
"modified": "2026-07-14T18:32:16Z",
"published": "2026-07-14T18:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50341"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50341"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8956-F28W-H25C
Vulnerability from github – Published: 2026-07-06 21:30 – Updated: 2026-07-06 21:30Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
{
"affected": [],
"aliases": [
"CVE-2026-21379"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-06T21:16:53Z",
"severity": "HIGH"
},
"details": "Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.",
"id": "GHSA-8956-f28w-h25c",
"modified": "2026-07-06T21:30:42Z",
"published": "2026-07-06T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21379"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89H6-3V24-5CWV
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-50468"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:52Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.",
"id": "GHSA-89h6-3v24-5cwv",
"modified": "2026-07-14T18:32:25Z",
"published": "2026-07-14T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50468"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50468"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-89PP-MPRF-P328
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-26676"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T18:15:52Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-89pp-mprf-p328",
"modified": "2025-04-08T18:34:47Z",
"published": "2025-04-08T18:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26676"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26676"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8CRF-388W-629M
Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31Transient DOS while processing the EHT operation IE in the received beacon frame.
{
"affected": [],
"aliases": [
"CVE-2025-21463"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T06:15:25Z",
"severity": "HIGH"
},
"details": "Transient DOS while processing the EHT operation IE in the received beacon frame.",
"id": "GHSA-8crf-388w-629m",
"modified": "2025-06-03T06:31:14Z",
"published": "2025-06-03T06:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21463"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8FC7-45X6-26P6
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-60720"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T18:15:40Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-8fc7-45x6-26p6",
"modified": "2025-11-11T18:30:21Z",
"published": "2025-11-11T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60720"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60720"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8G89-49X9-PQR8
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Windows Remote Access Connection Manager Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-28902"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:48Z",
"severity": "MODERATE"
},
"details": "Windows Remote Access Connection Manager Information Disclosure Vulnerability",
"id": "GHSA-8g89-49x9-pqr8",
"modified": "2024-04-09T18:30:26Z",
"published": "2024-04-09T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28902"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28902"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.