Total
5678 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9241 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121036603 | |||||
CVE-2020-6614 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | |||||
CVE-2020-9272 | 3 Opensuse, Proftpd, Siemens | 7 Backports Sle, Leap, Proftpd and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | |||||
CVE-2020-6624 | 1 Jhead Project | 1 Jhead | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. | |||||
CVE-2015-2326 | 4 Mariadb, Opensuse, Pcre and 1 more | 4 Mariadb, Opensuse, Pcre and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | |||||
CVE-2019-20199 | 1 Ezxml Project | 1 Ezxml | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. | |||||
CVE-2019-9390 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117551475 | |||||
CVE-2019-17040 | 1 Rsyslog | 1 Rsyslog | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. | |||||
CVE-2019-13753 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
CVE-2020-3826 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2012-4428 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
openslp: SLPIntersectStringList()' Function has a DoS vulnerability | |||||
CVE-2019-9232 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 | |||||
CVE-2020-1893 | 1 Facebook | 1 Hhvm | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. | |||||
CVE-2020-6625 | 1 Jhead Project | 1 Jhead | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. | |||||
CVE-2020-0038 | 1 Google | 1 Android | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143109193 | |||||
CVE-2020-9428 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. | |||||
CVE-2015-7507 | 1 Netsurf-browser | 1 Libnsbmp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function. | |||||
CVE-2019-19221 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. | |||||
CVE-2020-3870 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2019-1465 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467. |