Total
4676 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3643 | 1 Sox Project | 1 Sox | 2023-02-05 | 6.4 MEDIUM | 9.1 CRITICAL |
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. | |||||
CVE-2017-11358 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2023-02-05 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. | |||||
CVE-2018-3838 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2023-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
CVE-2020-6806 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | |||||
CVE-2019-16091 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. | |||||
CVE-2019-16094 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | |||||
CVE-2019-16095 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. | |||||
CVE-2021-3598 | 3 Debian, Openexr, Redhat | 3 Debian Linux, Openexr, Enterprise Linux | 2023-02-03 | 2.1 LOW | 5.5 MEDIUM |
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | |||||
CVE-2021-3605 | 3 Debian, Openexr, Redhat | 3 Debian Linux, Openexr, Enterprise Linux | 2023-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | |||||
CVE-2023-23933 | 2023-02-03 | N/A | N/A | ||
OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue. | |||||
CVE-2022-45313 | 1 Mikrotik | 1 Routeros | 2023-02-03 | N/A | 8.8 HIGH |
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. | |||||
CVE-2022-45315 | 1 Mikrotik | 1 Routeros | 2023-02-03 | N/A | 9.8 CRITICAL |
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. | |||||
CVE-2023-0396 | 1 Zephyrproject | 1 Zephyr | 2023-02-03 | N/A | 6.8 MEDIUM |
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses. | |||||
CVE-2021-28116 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2023-02-03 | 4.3 MEDIUM | 5.3 MEDIUM |
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. | |||||
CVE-2019-18390 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Leap, Enterprise Linux and 1 more | 2023-02-03 | 3.6 LOW | 7.1 HIGH |
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. | |||||
CVE-2019-10129 | 1 Postgresql | 1 Postgresql | 2023-02-03 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). | |||||
CVE-2020-12674 | 4 Canonical, Debian, Dovecot and 1 more | 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | |||||
CVE-2020-12673 | 4 Canonical, Debian, Dovecot and 1 more | 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | |||||
CVE-2022-1304 | 3 E2fsprogs Project, Fedoraproject, Redhat | 3 E2fsprogs, Fedora, Enterprise Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds read/write vulnerability was found in e2fsprogs. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. | |||||
CVE-2022-46344 | 3 Fedoraproject, Redhat, X.org | 3 Fedora, Enterprise Linux, X Server | 2023-02-02 | N/A | 8.8 HIGH |
A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. |