Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11727 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-08-05 | 1.9 LOW | 5.5 MEDIUM |
| The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
| CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-08-05 | 1.9 LOW | 5.5 MEDIUM |
| The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
| CVE-2018-11210 | 1 Tinyxml2 Project | 1 Tinyxml2 | 2024-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2 | |||||
| CVE-2018-8754 | 2 Debian, Libevt Project | 2 Debian Linux, Libevt | 2024-08-05 | 2.1 LOW | 5.5 MEDIUM |
| The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub | |||||
| CVE-2019-17264 | 1 Liblnk Project | 1 Liblnk | 2024-08-05 | 2.1 LOW | 3.3 LOW |
| In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
| CVE-2019-17401 | 1 Liblnk Project | 1 Liblnk | 2024-08-05 | 2.1 LOW | 3.3 LOW |
| libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
| CVE-2019-17263 | 1 Libfwsi Project | 1 Libfwsi | 2024-08-05 | 2.1 LOW | 3.3 LOW |
| In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
| CVE-2020-36325 | 1 Jansson Project | 1 Jansson | 2024-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification | |||||
| CVE-2020-17360 | 1 Readytalk | 1 Avian | 2024-08-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2022-34037 | 1 Caddyserver | 1 Caddy | 2024-08-03 | N/A | 7.5 HIGH |
| An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client. | |||||
| CVE-2022-24198 | 1 Itextpdf | 1 Itext | 2024-08-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable. | |||||
| CVE-2024-34140 | 1 Adobe | 1 Bridge | 2024-08-02 | N/A | 5.5 MEDIUM |
| Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-39986 | 1 Hitachi | 1 Eh-view | 2024-08-02 | N/A | 5.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-29417 | 1 Bzip3 Project | 1 Bzip3 | 2024-08-02 | N/A | 6.5 MEDIUM |
| An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid. | |||||
| CVE-2024-38481 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | N/A | 4.4 MEDIUM |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | |||||
| CVE-2024-27802 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-01 | N/A | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2019-1148 | 1 Microsoft | 9 Office, Windows 10, Windows 7 and 6 more | 2024-08-01 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. | |||||
| CVE-2024-5560 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-07-25 | N/A | 7.5 HIGH |
| CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. | |||||
| CVE-2022-48866 | 1 Linux | 1 Linux Kernel | 2024-07-23 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number | |||||
| CVE-2024-20753 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-07-22 | N/A | 7.8 HIGH |
| Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||