Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12816 | 1 Adobe | 1 Digital Editions | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-17292 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2018-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes. | |||||
| CVE-2017-8817 | 2 Debian, Haxx | 3 Debian Linux, Curl, Libcurl | 2018-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | |||||
| CVE-2018-11278 | 1 Google | 1 Android | 2018-11-09 | 6.6 MEDIUM | 7.1 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault. | |||||
| CVE-2017-15825 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur. | |||||
| CVE-2017-15844 | 1 Google | 1 Android | 2018-11-09 | 2.1 LOW | 5.5 MEDIUM |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash. | |||||
| CVE-2018-11297 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW. | |||||
| CVE-2018-11293 | 1 Google | 1 Android | 2018-11-09 | 3.3 LOW | 5.7 MEDIUM |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large. | |||||
| CVE-2018-11898 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum. | |||||
| CVE-2017-12618 | 1 Apache | 1 Portable Runtime Utility | 2018-10-31 | 1.9 LOW | 4.7 MEDIUM |
| Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. | |||||
| CVE-2017-18198 | 1 Gnu | 1 Libcdio | 2018-10-31 | 6.8 MEDIUM | 8.8 HIGH |
| print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. | |||||
| CVE-2014-9844 | 5 Canonical, Imagemagick, Opensuse and 2 more | 10 Ubuntu Linux, Imagemagick, Opensuse and 7 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||||
| CVE-2014-9657 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2018-10-30 | 7.5 HIGH | N/A |
| The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | |||||
| CVE-2014-9669 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. | |||||
| CVE-2016-6905 | 2 Libgd, Opensuse | 3 Libgd, Leap, Opensuse | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | |||||
| CVE-2016-3634 | 1 Libtiff | 1 Libtiff | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. | |||||
| CVE-2016-3633 | 1 Libtiff | 1 Libtiff | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. | |||||
| CVE-2016-6132 | 3 Debian, Libgd, Opensuse | 3 Debian Linux, Libgd, Leap | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |||||
| CVE-2016-7643 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site. | |||||
| CVE-2016-3625 | 1 Libtiff | 1 Libtiff | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | |||||