Search
Total
1936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18795 | 1 Un4seen | 1 Bass | 2020-10-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issues to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. | |||||
| CVE-2018-7728 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | |||||
| CVE-2018-7730 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. | |||||
| CVE-2018-7729 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. | |||||
| CVE-2020-5134 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2020-12911 | 1 Amd | 1 Atikmdag.sys | 2020-10-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. | |||||
| CVE-2016-5107 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-21 | 1.9 LOW | 6.0 MEDIUM |
| The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. | |||||
| CVE-2020-12933 | 1 Amd | 1 Atikmdag.sys | 2020-10-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. | |||||
| CVE-2020-9909 | 1 Apple | 4 Ipad Os, Iphone Os, Tvos and 1 more | 2020-10-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | |||||
| CVE-2020-9894 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2019-6752 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620. | |||||
| CVE-2020-9087 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2020-10-16 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak. | |||||
| CVE-2020-9091 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2020-10-16 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. | |||||
| CVE-2020-9108 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2020-10-16 | 7.1 HIGH | 5.5 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. | |||||
| CVE-2020-9107 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2020-10-16 | 7.1 HIGH | 5.5 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. | |||||
| CVE-2018-20459 | 1 Radare | 1 Radare2 | 2020-10-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457. | |||||
| CVE-2018-20458 | 1 Radare | 1 Radare2 | 2020-10-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file. | |||||
| CVE-2018-20457 | 1 Radare | 1 Radare2 | 2020-10-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459. | |||||
| CVE-2018-14017 | 1 Radare | 1 Radare2 | 2020-10-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new. | |||||
| CVE-2018-14016 | 1 Radare | 1 Radare2 | 2020-10-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. | |||||
| CVE-2018-10017 | 1 Openmpt | 2 Libopenmpt, Openmpt | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops. | |||||
| CVE-2017-18344 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more | 2020-10-15 | 2.1 LOW | 5.5 MEDIUM |
| The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). | |||||
| CVE-2018-8754 | 2 Debian, Libevt Project | 2 Debian Linux, Libevt | 2020-10-14 | 2.1 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub. | |||||
| CVE-2020-25774 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2019-6732 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-10-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453. | |||||
| CVE-2020-24564 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770. | |||||
| CVE-2020-24565 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | |||||
| CVE-2020-25770 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | |||||
| CVE-2020-25771 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | |||||
| CVE-2020-25772 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | |||||
| CVE-2020-17507 | 2 Fedoraproject, Qt | 2 Fedora, Qt | 2020-09-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | |||||
| CVE-2017-9128 | 1 Libquicktime | 1 Libquicktime | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. | |||||
| CVE-2017-9125 | 1 Libquicktime | 1 Libquicktime | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | |||||
| CVE-2017-9123 | 1 Libquicktime | 1 Libquicktime | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |||||
| CVE-2020-3988 | 1 Vmware | 3 Horizon Client, Workstation Player, Workstation Pro | 2020-09-28 | 3.6 LOW | 6.1 MEDIUM |
| VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | |||||
| CVE-2020-3987 | 1 Vmware | 3 Horizon Client, Workstation Player, Workstation Pro | 2020-09-28 | 3.6 LOW | 6.1 MEDIUM |
| VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | |||||
| CVE-2020-3986 | 1 Vmware | 3 Horizon Client, Workstation Player, Workstation Pro | 2020-09-28 | 3.6 LOW | 6.1 MEDIUM |
| VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | |||||
| CVE-2017-9782 | 1 Jasper Project | 1 Jasper | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. | |||||
| CVE-2018-20570 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2020-09-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | |||||
| CVE-2017-5504 | 1 Jasper Project | 1 Jasper | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||||
| CVE-2020-0324 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136660304 | |||||
| CVE-2020-0270 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145790628 | |||||
| CVE-2020-0364 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282770 | |||||
| CVE-2020-0370 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libAACdec, there is a possible out of bounds read due to missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-112051700 | |||||
| CVE-2020-0393 | 1 Google | 1 Android | 2020-09-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-154123412 | |||||
| CVE-2020-0125 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
| In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282168 | |||||
| CVE-2020-0329 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
| In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-63522940 | |||||
| CVE-2020-0322 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 4.4 MEDIUM |
| In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002540 | |||||
| CVE-2020-0323 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
| In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146516087 | |||||
| CVE-2020-0359 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150303018 | |||||