Total
5601 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17401 | 1 Liblnk Project | 1 Liblnk | 2024-03-21 | 2.1 LOW | 3.3 LOW |
libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
CVE-2019-17264 | 1 Liblnk Project | 1 Liblnk | 2024-03-21 | 2.1 LOW | 3.3 LOW |
In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
CVE-2019-17263 | 1 Libfwsi Project | 1 Libfwsi | 2024-03-21 | 2.1 LOW | 3.3 LOW |
In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
CVE-2018-8754 | 2 Debian, Libevt Project | 2 Debian Linux, Libevt | 2024-03-21 | 2.1 LOW | 5.5 MEDIUM |
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub | |||||
CVE-2018-15161 | 1 Libesedb Project | 1 Libesedb | 2024-03-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | |||||
CVE-2018-15160 | 1 Libesedb Project | 1 Libesedb | 2024-03-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | |||||
CVE-2018-15159 | 1 Libesedb Project | 1 Libesedb | 2024-03-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | |||||
CVE-2018-15158 | 1 Libesedb Project | 1 Libesedb | 2024-03-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | |||||
CVE-2018-15157 | 1 Libfsclfs Project | 1 Libfsclfs | 2024-03-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments | |||||
CVE-2018-12098 | 1 Liblnk Project | 1 Liblnk | 2024-03-21 | 1.9 LOW | 5.5 MEDIUM |
The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub | |||||
CVE-2018-12097 | 1 Liblnk Project | 1 Liblnk | 2024-03-21 | 1.9 LOW | 5.5 MEDIUM |
The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub | |||||
CVE-2018-12096 | 1 Liblnk Project | 1 Liblnk | 2024-03-21 | 1.9 LOW | 5.5 MEDIUM |
The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub | |||||
CVE-2018-11731 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-03-21 | 1.9 LOW | 5.5 MEDIUM |
The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
CVE-2018-11729 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-03-21 | 1.9 LOW | 5.5 MEDIUM |
The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-03-21 | 1.9 LOW | 5.5 MEDIUM |
The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
CVE-2018-11727 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-03-21 | 1.9 LOW | 5.5 MEDIUM |
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
CVE-2018-11723 | 1 Libpff Project | 1 Libpff | 2024-03-21 | 1.9 LOW | 5.5 MEDIUM |
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub | |||||
CVE-2018-11210 | 1 Tinyxml2 Project | 1 Tinyxml2 | 2024-03-21 | 7.5 HIGH | 9.8 CRITICAL |
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2 | |||||
CVE-2017-6363 | 1 Libgd | 1 Libgd | 2024-03-21 | 5.8 MEDIUM | 8.1 HIGH |
In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.' | |||||
CVE-2014-3180 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2024-03-21 | 6.4 MEDIUM | 9.1 CRITICAL |
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable |