CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
853 vulnerabilities reference this CWE, most recent first.
GHSA-8JJV-CW3Q-WM8P
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-50383"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:39Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.",
"id": "GHSA-8jjv-cw3q-wm8p",
"modified": "2026-07-14T18:32:19Z",
"published": "2026-07-14T18:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50383"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50383"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-8PW2-CHG7-6HCP
Vulnerability from github – Published: 2025-11-04 06:31 – Updated: 2025-11-04 06:31Information disclosure while registering commands from clients with diag through diagHal.
{
"affected": [],
"aliases": [
"CVE-2025-27064"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T04:15:37Z",
"severity": "MODERATE"
},
"details": "Information disclosure while registering commands from clients with diag through diagHal.",
"id": "GHSA-8pw2-chg7-6hcp",
"modified": "2025-11-04T06:31:11Z",
"published": "2025-11-04T06:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27064"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-8VJ8-FFQW-4WCQ
Vulnerability from github – Published: 2023-07-04 06:30 – Updated: 2024-04-04 05:22Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
{
"affected": [],
"aliases": [
"CVE-2023-28541"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-04T05:15:10Z",
"severity": "HIGH"
},
"details": "Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.",
"id": "GHSA-8vj8-ffqw-4wcq",
"modified": "2024-04-04T05:22:57Z",
"published": "2023-07-04T06:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28541"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WGX-9672-JJ5J
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-26664"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T18:15:49Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-8wgx-9672-jj5j",
"modified": "2025-04-08T18:34:46Z",
"published": "2025-04-08T18:34:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26664"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26664"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8WHP-GRC8-H7WP
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2026-26155"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:16:47Z",
"severity": "MODERATE"
},
"details": "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability",
"id": "GHSA-8whp-grc8-h7wp",
"modified": "2026-04-14T18:30:37Z",
"published": "2026-04-14T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26155"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26155"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8WPV-9RM8-HJ6H
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-45460"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:20Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.",
"id": "GHSA-8wpv-9rm8-hj6h",
"modified": "2026-06-09T18:30:48Z",
"published": "2026-06-09T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45460"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45460"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-94J2-CR8P-M92X
Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30Transient DOS while processing power control requests with invalid antenna or stream values.
{
"affected": [],
"aliases": [
"CVE-2025-47328"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T16:15:37Z",
"severity": "HIGH"
},
"details": "Transient DOS while processing power control requests with invalid antenna or stream values.",
"id": "GHSA-94j2-cr8p-m92x",
"modified": "2025-09-24T18:30:30Z",
"published": "2025-09-24T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47328"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-94M6-5Q5F-R8G8
Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
{
"affected": [],
"aliases": [
"CVE-2025-27029"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T06:15:26Z",
"severity": "HIGH"
},
"details": "Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.",
"id": "GHSA-94m6-5q5f-r8g8",
"modified": "2025-06-03T06:31:15Z",
"published": "2025-06-03T06:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27029"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9526-Q7C5-6PC6
Vulnerability from github – Published: 2022-05-18 00:00 – Updated: 2022-05-27 00:01Buffer Over-read in GitHub repository vim/vim prior to 8.2.
{
"affected": [],
"aliases": [
"CVE-2022-1769"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-17T17:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"id": "GHSA-9526-q7c5-6pc6",
"modified": "2022-05-27T00:01:39Z",
"published": "2022-05-18T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1769"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKIX5HYKWXWG6QBCPPTPQ53GNOFHSAIS"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-986V-GC7P-69FC
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33Windows Common Log File System Driver Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-49088"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T02:04:33Z",
"severity": "HIGH"
},
"details": "Windows Common Log File System Driver Elevation of Privilege Vulnerability",
"id": "GHSA-986v-gc7p-69fc",
"modified": "2024-12-12T03:33:04Z",
"published": "2024-12-12T03:33:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49088"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.