Search
Total
1936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0211 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147491773 | |||||
| CVE-2020-0205 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147234020 | |||||
| CVE-2020-0200 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147231862 | |||||
| CVE-2020-1232 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | |||||
| CVE-2020-0193 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144595488 | |||||
| CVE-2020-0191 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140561484 | |||||
| CVE-2020-0180 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142861738 | |||||
| CVE-2020-0143 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145597277 | |||||
| CVE-2020-0144 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543497 | |||||
| CVE-2020-0149 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544089 | |||||
| CVE-2020-0148 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638492 | |||||
| CVE-2020-0146 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546561 | |||||
| CVE-2020-0145 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544079 | |||||
| CVE-2020-0157 | 1 Google | 1 Android | 2020-06-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139740814 | |||||
| CVE-2020-0147 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392 | |||||
| CVE-2020-0156 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736127 | |||||
| CVE-2020-0154 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141550919 | |||||
| CVE-2020-0152 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145992159 | |||||
| CVE-2020-0151 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-133164384 | |||||
| CVE-2020-0185 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79945152 | |||||
| CVE-2020-0197 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137370379 | |||||
| CVE-2020-0158 | 1 Google | 1 Android | 2020-06-11 | 2.1 LOW | 4.4 MEDIUM |
| In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141547128 | |||||
| CVE-2020-0159 | 1 Google | 1 Android | 2020-06-11 | 3.5 LOW | 5.5 MEDIUM |
| In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140768035 | |||||
| CVE-2020-0164 | 1 Google | 1 Android | 2020-06-11 | 2.1 LOW | 4.4 MEDIUM |
| In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736125 | |||||
| CVE-2016-8681 | 1 Libdwarf Project | 1 Libdwarf | 2020-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | |||||
| CVE-2016-8679 | 1 Libdwarf Project | 1 Libdwarf | 2020-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | |||||
| CVE-2019-20503 | 1 Usrsctp Project | 1 Usrsctp | 2020-06-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | |||||
| CVE-2018-14610 | 1 Linux | 1 Linux Kernel | 2020-06-10 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. | |||||
| CVE-2020-9832 | 1 Apple | 1 Mac Os X | 2020-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2020-9831 | 1 Apple | 1 Mac Os X | 2020-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2020-11047 | 2 Canonical, Freerdp | 2 Ubuntu Linux, Freerdp | 2020-06-09 | 4.9 MEDIUM | 5.9 MEDIUM |
| In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. | |||||
| CVE-2019-7152 | 1 Webassembly | 1 Binaryen | 2020-06-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | |||||
| CVE-2019-7700 | 1 Webassembly | 1 Binaryen | 2020-06-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge. | |||||
| CVE-2019-7701 | 1 Webassembly | 1 Binaryen | 2020-06-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js. | |||||
| CVE-2020-9071 | 1 Huawei | 34 Ar120-s, Ar120-s Firmware, Ar1200 and 31 more | 2020-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00 | |||||
| CVE-2017-5846 | 1 Gstreamer Project | 1 Gstreamer | 2020-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. | |||||
| CVE-2016-10198 | 1 Gstreamer Project | 1 Gstreamer | 2020-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. | |||||
| CVE-2020-0100 | 1 Google | 1 Android | 2020-05-18 | 2.1 LOW | 5.5 MEDIUM |
| In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584 | |||||
| CVE-2019-19927 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2020-05-14 | 3.6 LOW | 6.0 MEDIUM |
| In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. | |||||
| CVE-2018-5683 | 4 Canonical, Debian, Qemu and 1 more | 9 Ubuntu Linux, Debian Linux, Qemu and 6 more | 2020-05-14 | 2.1 LOW | 6.0 MEDIUM |
| The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | |||||
| CVE-2017-8845 | 1 Lrzip Project | 1 Lrzip | 2020-05-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. | |||||
| CVE-2018-20124 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2020-05-12 | 2.1 LOW | 5.5 MEDIUM |
| hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | |||||
| CVE-2018-21233 | 1 Google | 1 Tensorflow | 2020-05-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. | |||||
| CVE-2019-15090 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2020-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. | |||||
| CVE-2020-10811 | 1 Hdfgroup | 1 Hdf5 | 2020-04-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2018-20536 | 1 Liblas | 1 Liblas | 2020-04-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | |||||
| CVE-2019-15666 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2020-04-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. | |||||
| CVE-2020-0077 | 1 Google | 1 Android | 2020-04-23 | 2.1 LOW | 4.4 MEDIUM |
| In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146055840 | |||||
| CVE-2020-0075 | 1 Google | 1 Android | 2020-04-22 | 2.1 LOW | 4.4 MEDIUM |
| In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146057864 | |||||
| CVE-2020-10637 | 1 Eaton | 2 Hmisoft Vu3, Hmisoft Vu3 Firmware | 2020-04-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could trigger an out-of-bounds read when loaded by the affected product. | |||||