Skip to main content

CWE-127

Buffer Under-read

5 CVEs Avg CVSS 6.7 MITRE
0
CRITICAL
3
HIGH
1
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2026-45683 Go LOW PATCH GHSA Monitor

Kernel memory disclosure in OpenTelemetry eBPF Instrumentation (OBI) versions prior to 0.9.0 allows a local authenticated process to exfiltrate arbitrary kernel memory into the OBI telemetry pipeline by supplying a crafted kernel-space pointer to the Java TLS ioctl kprobe. The BPF probe hooks do_vfs_ioctl and incorrectly uses bpf_probe_read - which can dereference any memory address, kernel or user - instead of the boundary-enforcing bpf_probe_read_user, causing the kernel bytes to be emitted via bpf_ringbuf_output into downstream telemetry. Publicly available exploit code exists (PoC published in the GitHub security advisory); no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

Information Disclosure Java
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-5928 HIGH PATCH This Week

Out-of-bounds read in GNU C Library (glibc) versions 2.1.1 through 2.43 during wide character pushback operations can cause application crashes and potential information disclosure. The ungetwc() function incorrectly operates on the regular character buffer instead of the wide-stream buffer due to an implementation bug in _IO_wdefault_pbackfail, leading to reads before allocated memory regions. While CVSS rates this 7.5 High with network vector, EPSS exploitation probability is extremely low (0.02%, 5th percentile), reflecting the highly specialized conditions required: applications must use ungetwc() with character encodings having single-byte/multi-byte overlaps (not standard Unicode sets). No active exploitation confirmed (not in CISA KEV), no public exploit code identified at time of analysis.

Denial Of Service Glibc
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-32050 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-10395 HIGH PATCH This Month

No proper validation of the length of user input in http_server_get_content_type_from_extension. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
8.6
EPSS
0.3%
CVE-2020-5360 HIGH PATCH This Week

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell Bsafe Micro Edition Suite Database Http Server +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
EPSS 0% CVSS 3.8
LOW PATCH Monitor

Kernel memory disclosure in OpenTelemetry eBPF Instrumentation (OBI) versions prior to 0.9.0 allows a local authenticated process to exfiltrate arbitrary kernel memory into the OBI telemetry pipeline by supplying a crafted kernel-space pointer to the Java TLS ioctl kprobe. The BPF probe hooks do_vfs_ioctl and incorrectly uses bpf_probe_read - which can dereference any memory address, kernel or user - instead of the boundary-enforcing bpf_probe_read_user, causing the kernel bytes to be emitted via bpf_ringbuf_output into downstream telemetry. Publicly available exploit code exists (PoC published in the GitHub security advisory); no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

Information Disclosure Java
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in GNU C Library (glibc) versions 2.1.1 through 2.43 during wide character pushback operations can cause application crashes and potential information disclosure. The ungetwc() function incorrectly operates on the regular character buffer instead of the wide-stream buffer due to an implementation bug in _IO_wdefault_pbackfail, leading to reads before allocated memory regions. While CVSS rates this 7.5 High with network vector, EPSS exploitation probability is extremely low (0.02%, 5th percentile), reflecting the highly specialized conditions required: applications must use ungetwc() with character encodings having single-byte/multi-byte overlaps (not standard Unicode sets). No active exploitation confirmed (not in CISA KEV), no public exploit code identified at time of analysis.

Denial Of Service Glibc
NVD VulDB
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Month

No proper validation of the length of user input in http_server_get_content_type_from_extension. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell Bsafe Micro Edition Suite +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy