Total
5677 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17283 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability. A remote attacker send specially crafted Session Initiation Protocol (SIP) messages to the affected products. Due to insufficient input validation, successful exploit will cause some services abnormal. | |||||
| CVE-2018-11592 | 1 Espruino | 1 Espruino | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c. | |||||
| CVE-2018-12910 | 5 Canonical, Debian, Gnome and 2 more | 9 Ubuntu Linux, Debian Linux, Libsoup and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | |||||
| CVE-2018-11697 | 1 Sass-lang | 1 Libsass | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | |||||
| CVE-2018-13868 | 1 Hdfgroup | 1 Hdf5 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. | |||||
| CVE-2018-7439 | 2 Debian, Freexl Project | 2 Debian Linux, Freexl | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record. | |||||
| CVE-2018-10549 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. | |||||
| CVE-2018-4963 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-12378 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
| ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. | |||||
| CVE-2018-4979 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-1000301 | 5 Canonical, Debian, Haxx and 2 more | 9 Ubuntu Linux, Debian Linux, Curl and 6 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. | |||||
| CVE-2017-14910 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file. | |||||
| CVE-2017-14457 | 1 Ethereum | 1 Ethereum Virtual Machine | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
| An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability. | |||||
| CVE-2018-3745 | 1 Atob Project | 1 Atob | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below. | |||||
| CVE-2018-4955 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-11381 | 1 Radare | 1 Radare2 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |||||
| CVE-2017-17306 | 1 Huawei | 2 Vns-l21, Vns-l21 Firmware | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal. | |||||
| CVE-2018-1303 | 4 Apache, Canonical, Debian and 1 more | 7 Http Server, Ubuntu Linux, Debian Linux and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability. | |||||
| CVE-2018-11740 | 1 Sleuthkit | 1 The Sleuth Kit | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | |||||
| CVE-2018-7182 | 3 Canonical, Netapp, Ntp | 3 Ubuntu Linux, Element Software, Ntp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. | |||||