Search
Total
1936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8682 | 1 Intel | 1 Graphics Drivers | 2020-08-19 | 2.1 LOW | 5.5 MEDIUM |
| Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-16211 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. | |||||
| CVE-2020-10177 | 1 Python | 1 Pillow | 2020-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. | |||||
| CVE-2018-1000852 | 3 Canonical, Fedoraproject, Freerdp | 3 Ubuntu Linux, Fedora, Freerdp | 2020-08-07 | 6.4 MEDIUM | 6.5 MEDIUM |
| FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. | |||||
| CVE-2019-13753 | 1 Google | 1 Chrome | 2020-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-13752 | 1 Google | 1 Chrome | 2020-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2011-2501 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. | |||||
| CVE-2018-14498 | 5 Debian, Fedoraproject, Libjpeg-turbo and 2 more | 5 Debian Linux, Fedora, Libjpeg-turbo and 2 more | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. | |||||
| CVE-2012-1798 | 4 Debian, Imagemagick, Opensuse and 1 more | 10 Debian Linux, Imagemagick, Opensuse and 7 more | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. | |||||
| CVE-2012-0259 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. | |||||
| CVE-2018-3837 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2018-3838 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2020-07-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-19035 | 1 Jhead Project | 1 Jhead | 2020-07-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file. | |||||
| CVE-2020-10994 | 1 Python | 1 Pillow | 2020-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. | |||||
| CVE-2020-10378 | 1 Python | 1 Pillow | 2020-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. | |||||
| CVE-2020-12418 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-07-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2020-12425 | 1 Mozilla | 1 Firefox | 2020-07-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. | |||||
| CVE-2020-0093 | 2 Debian, Google | 2 Debian Linux, Android | 2020-07-27 | 1.9 LOW | 5.0 MEDIUM |
| In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 | |||||
| CVE-2020-11019 | 1 Freerdp | 1 Freerdp | 2020-07-27 | 5.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | |||||
| CVE-2020-11018 | 1 Freerdp | 1 Freerdp | 2020-07-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | |||||
| CVE-2018-18662 | 1 Artifex | 1 Mupdf | 2020-07-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | |||||
| CVE-2020-9679 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2020-07-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9686 | 2 Adobe, Microsoft | 3 Photoshop, Photoshop Cc, Windows | 2020-07-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9649 | 1 Adobe | 1 Media Encoder | 2020-07-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-11913 | 1 Treck | 1 Tcp\/ip | 2020-07-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | |||||
| CVE-2020-11903 | 1 Treck | 1 Tcp\/ip | 2020-07-22 | 3.3 LOW | 6.5 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. | |||||
| CVE-2020-11905 | 1 Treck | 1 Tcp\/ip | 2020-07-22 | 3.3 LOW | 6.5 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. | |||||
| CVE-2020-11910 | 1 Treck | 1 Tcp\/ip | 2020-07-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. | |||||
| CVE-2020-11914 | 1 Treck | 1 Tcp\/ip | 2020-07-22 | 3.3 LOW | 4.3 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. | |||||
| CVE-2020-11912 | 1 Treck | 1 Tcp\/ip | 2020-07-22 | 3.3 LOW | 5.3 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. | |||||
| CVE-2019-14380 | 1 Openmpt | 1 Libopenmpt | 2020-07-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. | |||||
| CVE-2020-13131 | 1 Yubico | 3 Libykpiv, Piv Tool Manager, Yubikey Smart Card Minidriver | 2020-07-16 | 1.9 LOW | 4.3 MEDIUM |
| An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token. | |||||
| CVE-2018-20185 | 3 Canonical, Debian, Graphicsmagick | 3 Ubuntu Linux, Debian Linux, Graphicsmagick | 2020-07-14 | 2.6 LOW | 5.3 MEDIUM |
| In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. | |||||
| CVE-2018-16382 | 1 Nasm | 1 Netwide Assembler | 2020-07-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. | |||||
| CVE-2020-5965 | 1 Nvidia | 8 Geforce, Geforce Firmware, Nvs and 5 more | 2020-07-13 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service. | |||||
| CVE-2020-0182 | 2 Debian, Google | 2 Debian Linux, Android | 2020-07-06 | 6.4 MEDIUM | 6.5 MEDIUM |
| In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917 | |||||
| CVE-2020-9618 | 2 Adobe, Microsoft | 2 Audition, Windows | 2020-07-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9622 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9624 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9616 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9666 | 3 Adobe, Linux, Microsoft | 3 Campaign Classic, Linux Kernel, Windows | 2020-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9617 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2020-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9603 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9602 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9608 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9609 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9629 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-3809 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . | |||||
| CVE-2020-9557 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-0127 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140054506 | |||||