Total: 1785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18194 | 1 Linuxsampler | 1 Libgig | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp. | |||||
| CVE-2018-18196 | 1 Linuxsampler | 1 Libgig | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp. | |||||
| CVE-2018-12818 | 1 Adobe | 1 Digital Editions | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-12819 | 1 Adobe | 1 Digital Editions | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-12820 | 1 Adobe | 1 Digital Editions | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-12821 | 1 Adobe | 1 Digital Editions | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-12816 | 1 Adobe | 1 Digital Editions | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-9503 | 1 Google | 1 Android | 2018-11-20 | 7.8 HIGH | 7.5 HIGH |
| In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928 | |||||
| CVE-2018-6034 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-13 | 5.8 MEDIUM | 8.1 HIGH |
| Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2016-8621 | 1 Haxx | 1 Curl | 2018-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | |||||
| CVE-2018-11278 | 1 Google | 1 Android | 2018-11-09 | 6.6 MEDIUM | 7.1 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault. | |||||
| CVE-2017-15825 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur. | |||||
| CVE-2018-11297 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur in the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW. | |||||
| CVE-2018-11898 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum. | |||||
| CVE-2017-18198 | 1 Gnu | 1 Libcdio | 2018-10-31 | 6.8 MEDIUM | 8.8 HIGH |
| print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. | |||||
| CVE-2016-8682 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Opensuse | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | |||||
| CVE-2016-3658 | 1 Libtiff | 1 Libtiff | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. | |||||
| CVE-2016-3634 | 1 Libtiff | 1 Libtiff | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. | |||||
| CVE-2016-3633 | 1 Libtiff | 1 Libtiff | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. | |||||
| CVE-2016-3631 | 1 Libtiff | 1 Libtiff | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. | |||||
| CVE-2017-5335 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | |||||
| CVE-2016-9959 | 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more | 9 Game-music-emu, Leap, Opensuse and 6 more | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | |||||
| CVE-2016-7643 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site. | |||||
| CVE-2018-12826 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Mac Os X, Chrome Os and 7 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-12827 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Mac Os X, Chrome Os and 7 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-16438 | 1 Hdfgroup | 1 Hdf5 | 2018-10-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. | |||||
| CVE-2018-16430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. | |||||
| CVE-2017-14316 | 1 Xen | 1 Xen | 2018-10-19 | 7.2 HIGH | 8.8 HIGH |
| A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array. | |||||
| CVE-2016-7265 | 1 Microsoft | 4 Excel, Excel Viewer, Office Compatibility Pack and 1 more | 2018-10-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
| CVE-2016-7291 | 1 Microsoft | 7 Office, Office Compatibility Pack, Office Web Apps and 4 more | 2018-10-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290. | |||||
| CVE-2016-7290 | 1 Microsoft | 7 Office, Office Compatibility Pack, Office Web Apps and 4 more | 2018-10-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291. | |||||
| CVE-2016-7276 | 1 Microsoft | 2 Office, Office For Mac | 2018-10-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
| CVE-2016-7268 | 1 Microsoft | 7 Office, Office Compatibility Pack, Office Web Apps and 4 more | 2018-10-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
| CVE-2016-7264 | 1 Microsoft | 4 Excel, Excel For Mac, Excel Viewer and 1 more | 2018-10-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
| CVE-2018-14736 | 1 Pbc Project | 1 Pbc | 2018-09-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM. | |||||
| CVE-2018-5008 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-14444 | 1 Libdxfrw Project | 1 Libdxfrw | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash. | |||||
| CVE-2018-14401 | 1 Axml Parser Project | 1 Axml Parser | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read. | |||||
| CVE-2018-14447 | 2 Debian, Libconfuse Project | 2 Debian Linux, Libconfuse | 2018-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read. | |||||
| CVE-2018-14454 | 1 Linuxsampler | 1 Libgig | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp. | |||||
| CVE-2018-14450 | 1 Linuxsampler | 1 Libgig | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp. | |||||
| CVE-2018-14452 | 1 Linuxsampler | 1 Libgig | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp. | |||||
| CVE-2018-14449 | 1 Linuxsampler | 1 Libgig | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp. | |||||
| CVE-2018-14033 | 1 Hdfgroup | 1 Hdf5 | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy. | |||||
| CVE-2018-14031 | 1 Hdfgroup | 1 Hdf5 | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c. | |||||
| CVE-2018-14034 | 1 Hdfgroup | 1 Hdf5 | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c. | |||||
| CVE-2018-14035 | 1 Hdfgroup | 1 Hdf5 | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c. | |||||
| CVE-2018-6969 | 1 Vmware | 1 Tools | 2018-09-11 | 4.4 MEDIUM | 7.0 HIGH |
| VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled. | |||||
| CVE-2018-13875 | 1 Hdfgroup | 1 Hdf5 | 2018-09-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c. | |||||
| CVE-2018-14460 | 1 Hdfgroup | 1 Hdf5 | 2018-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c. | |||||
