Search
Total
521 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9021 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2019-06-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. | |||||
| CVE-2018-6350 | 1 Whatsapp | 1 Whatsapp | 2019-06-18 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224. | |||||
| CVE-2018-11955 | 1 Qualcomm | 96 Mdm9150, Mdm9150 Firmware, Mdm9206 and 93 more | 2019-06-18 | 7.5 HIGH | 9.8 CRITICAL |
| Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out of bound read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24 | |||||
| CVE-2018-13911 | 1 Qualcomm | 92 Mdm9150, Mdm9150 Firmware, Mdm9206 and 89 more | 2019-06-18 | 10.0 HIGH | 9.8 CRITICAL |
| Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-11953 | 1 Qualcomm | 60 Mdm9150, Mdm9150 Firmware, Mdm9206 and 57 more | 2019-05-29 | 10.0 HIGH | 9.8 CRITICAL |
| While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to crafted ssid IE length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SDM439, SDX20 | |||||
| CVE-2018-11937 | 1 Qualcomm | 60 Mdm9150, Mdm9150 Firmware, Mdm9206 and 57 more | 2019-05-29 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150 | |||||
| CVE-2018-12910 | 5 Canonical, Debian, Gnome and 2 more | 9 Ubuntu Linux, Debian Linux, Libsoup and 6 more | 2019-05-08 | 7.5 HIGH | 9.8 CRITICAL |
| The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | |||||
| CVE-2019-11766 | 2 Debian, Dhcpcd Project | 2 Debian Linux, Dhcpcd | 2019-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | |||||
| CVE-2017-7774 | 2 Mozilla, Sil | 2 Firefox, Graphite2 | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. | |||||
| CVE-2019-3860 | 4 Debian, Libssh2, Netapp and 1 more | 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-3862 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-3858 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-3861 | 4 Debian, Libssh2, Netapp and 1 more | 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more | 2019-04-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2018-10243 | 1 Oisf | 1 Libhtp | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. | |||||
| CVE-2018-13006 | 3 Canonical, Debian, Gpac | 3 Ubuntu Linux, Debian Linux, Gpac | 2019-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. | |||||
| CVE-2018-13005 | 3 Canonical, Debian, Gpac | 3 Ubuntu Linux, Debian Linux, Gpac | 2019-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. | |||||
| CVE-2018-1999010 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2019-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. | |||||
| CVE-2019-9748 | 1 Tinysvcmdns Project | 1 Tinysvcmdns | 2019-03-15 | 9.4 HIGH | 9.1 CRITICAL |
| In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products." | |||||
| CVE-2019-9037 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. | |||||
| CVE-2019-9035 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. | |||||
| CVE-2019-9034 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. | |||||
| CVE-2019-9033 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c. | |||||
| CVE-2019-9030 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. | |||||
| CVE-2019-9028 | 1 Matio Project | 1 Matio | 2019-02-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c. | |||||
| CVE-2018-18504 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65. | |||||
| CVE-2018-18933 | 1 Foxitsoftware | 2 Foxit Reader, U3d | 2019-01-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue. | |||||
| CVE-2019-6246 | 1 Svgpp | 1 Svgpp | 2019-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read. | |||||
| CVE-2019-6443 | 1 Ntpsec | 1 Ntpsec | 2019-01-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. | |||||
| CVE-2019-6444 | 1 Ntpsec | 1 Ntpsec | 2019-01-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd. | |||||
| CVE-2018-4169 | 1 Apple | 1 Mac Os X | 2019-01-17 | 10.0 HIGH | 9.8 CRITICAL |
| In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2018-17983 | 1 Mercurial | 1 Mercurial | 2018-12-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. | |||||
| CVE-2018-18765 | 1 Cesanta | 1 Mongoose | 2018-12-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2018-18764 | 1 Cesanta | 1 Mongoose | 2018-12-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2018-17072 | 1 Json\+\+ Project | 1 Json\+\+ | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. | |||||
| CVE-2017-8817 | 2 Debian, Haxx | 3 Debian Linux, Curl, Libcurl | 2018-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | |||||
| CVE-2018-13867 | 1 Hdfgroup | 1 Hdf5 | 2018-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. | |||||
| CVE-2017-5897 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | |||||
| CVE-2018-13011 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate. | |||||
| CVE-2018-13008 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level. | |||||
| CVE-2018-13009 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check). | |||||
| CVE-2018-13007 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check). | |||||
| CVE-2016-9555 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. | |||||
| CVE-2017-7778 | 3 Debian, Mozilla, Sil | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2017-5465 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5446 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-7753 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2017-7758 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2018-11547 | 1 Md4c Project | 1 Md4c | 2018-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | |||||
| CVE-2018-11546 | 1 Md4c Project | 1 Md4c | 2018-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. | |||||
| CVE-2018-11576 | 1 Miniupnp Project | 1 Ngiflib | 2018-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. | |||||