Total
5677 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-2021 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120428041 | |||||
CVE-2018-4203 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
CVE-2019-15926 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-12-10 | 9.4 HIGH | 9.1 CRITICAL |
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. | |||||
CVE-2019-11007 | 4 Canonical, Debian, Graphicsmagick and 1 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | |||||
CVE-2019-11373 | 2 Fedoraproject, Mediaarea | 2 Fedora, Mediainfo | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. | |||||
CVE-2019-13297 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. | |||||
CVE-2019-7778 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2019-15531 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libextractor | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | |||||
CVE-2015-9382 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. | |||||
CVE-2019-1153 | 1 Microsoft | 9 Office, Windows 10, Windows 7 and 6 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1078, CVE-2019-1148. | |||||
CVE-2018-6136 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
CVE-2019-11835 | 2 Cjson Project, Oracle | 2 Cjson, Timesten In-memory Database | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. | |||||
CVE-2019-12957 | 2 Fedoraproject, Glyphandcog | 2 Fedora, Xpdfreader | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | |||||
CVE-2017-7771 | 2 Mozilla, Sil | 2 Firefox, Graphite2 | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | |||||
CVE-2019-15666 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2023-12-10 | 4.9 MEDIUM | 4.4 MEDIUM |
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. | |||||
CVE-2013-2807 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 | |||||
CVE-2019-14369 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. | |||||
CVE-2019-3956 | 1 Dameware | 1 Remote Mini Control | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information. | |||||
CVE-2019-7127 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . | |||||
CVE-2018-18089 | 1 Intel | 1 Graphics Driver | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. |