Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14053 | 1 Qualcomm | 82 Apq8009, Apq8009 Firmware, Apq8053 and 79 more | 2020-06-03 | 3.6 LOW | 7.1 HIGH |
| When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode is set to a value that does not resolve to a valid XFRM mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4531, QCN7605, QCS605, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2011-1192 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2020-06-02 | 5.0 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2016-10198 | 1 Gstreamer Project | 1 Gstreamer | 2020-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. | |||||
| CVE-2017-5840 | 1 Gstreamer Project | 1 Gstreamer | 2020-05-30 | 5.0 MEDIUM | 7.5 HIGH |
| The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. | |||||
| CVE-2017-5846 | 1 Gstreamer Project | 1 Gstreamer | 2020-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. | |||||
| CVE-2011-1445 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-1455 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | |||||
| CVE-2019-20011 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2020-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | |||||
| CVE-2020-0100 | 1 Google | 1 Android | 2020-05-18 | 2.1 LOW | 5.5 MEDIUM |
| In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584 | |||||
| CVE-2020-5833 | 1 Symantec | 1 Endpoint Protection Manager | 2020-05-14 | 2.1 LOW | 3.3 LOW |
| Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | |||||
| CVE-2018-16847 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2020-05-14 | 4.6 MEDIUM | 7.8 HIGH |
| An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. | |||||
| CVE-2019-19927 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2020-05-14 | 3.6 LOW | 6.0 MEDIUM |
| In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. | |||||
| CVE-2018-20124 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2020-05-12 | 2.1 LOW | 5.5 MEDIUM |
| hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | |||||
| CVE-2020-12018 | 1 Advantech | 1 Webaccess | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. | |||||
| CVE-2018-21233 | 1 Google | 1 Tensorflow | 2020-05-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. | |||||
| CVE-2011-3234 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-08 | 5.0 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2020-11940 | 1 Ntop | 1 Ndpi | 2020-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library. | |||||
| CVE-2019-15090 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2020-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. | |||||
| CVE-2020-8876 | 1 Parallels | 1 Parallels Desktop | 2020-05-04 | 2.1 LOW | 5.5 MEDIUM |
| This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10029. | |||||
| CVE-2020-8872 | 1 Parallels | 1 Parallels Desktop | 2020-05-04 | 2.1 LOW | 4.4 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. Was ZDI-CAN-9428. | |||||