Search
Total
1936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9235 | 1 Google | 1 Android | 2019-10-03 | 1.9 LOW | 5.0 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053 | |||||
| CVE-2019-9243 | 1 Google | 1 Android | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120905706 | |||||
| CVE-2017-16229 | 1 Ox Project | 1 Ox | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. | |||||
| CVE-2017-8363 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||||
| CVE-2017-7939 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. | |||||
| CVE-2017-7960 | 1 Gnome | 1 Libcroco | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | |||||
| CVE-2017-9206 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. | |||||
| CVE-2017-7854 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
| CVE-2017-7716 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
| CVE-2017-7623 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
| CVE-2017-9207 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. | |||||
| CVE-2017-7612 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
| CVE-2017-9260 | 1 Surina | 1 Soundtouch | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. | |||||
| CVE-2017-7611 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
| CVE-2017-7610 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
| CVE-2017-7608 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
| CVE-2017-9471 | 2 Canonical, Ytnef Project | 2 Ubuntu Linux, Ytnef | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2017-9472 | 1 Ytnef Project | 1 Ytnef | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2017-9474 | 1 Ytnef Project | 1 Ytnef | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2017-9545 | 1 Mpg123 | 1 Mpg123 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. | |||||
| CVE-2017-7454 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
| CVE-2017-9847 | 1 Libtorrent | 1 Libtorrent | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2017-9865 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. | |||||
| CVE-2017-9869 | 1 Lame Project | 1 Lame | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | |||||
| CVE-2017-9870 | 1 Lame Project | 1 Lame | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126. | |||||
| CVE-2017-9954 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. | |||||
| CVE-2017-9955 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. | |||||
| CVE-2017-7379 | 1 Podofo Project | 1 Podofo | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | |||||
| CVE-2018-10186 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368. | |||||
| CVE-2018-10187 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier. | |||||
| CVE-2017-7378 | 1 Podofo Project | 1 Podofo | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. | |||||
| CVE-2018-10733 | 3 Gnome, Opensuse, Redhat | 6 Libgxps, Leap, Ansible Tower and 3 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2018-10767 | 2 Gnome, Redhat | 5 Libgxps, Ansible Tower, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2018-10779 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. | |||||
| CVE-2018-10780 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. | |||||
| CVE-2017-6883 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-03 | 2.6 LOW | 4.7 MEDIUM |
| The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | |||||
| CVE-2018-10999 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. | |||||
| CVE-2018-11251 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. | |||||
| CVE-2017-6829 | 1 Audiofile | 1 Audiofile | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2017-6615 | 1 Cisco | 1 Ios Xe | 2019-10-03 | 6.3 MEDIUM | 6.3 MEDIUM |
| A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392. | |||||
| CVE-2017-3737 | 2 Debian, Openssl | 2 Debian Linux, Openssl | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. | |||||
| CVE-2017-10995 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. | |||||
| CVE-2018-11432 | 1 Libmobi Project | 1 Libmobi | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||||
| CVE-2018-11433 | 1 Libmobi Project | 1 Libmobi | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||||
| CVE-2018-11434 | 1 Libmobi Project | 1 Libmobi | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||||
| CVE-2018-11436 | 1 Libmobi Project | 1 Libmobi | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||||
| CVE-2018-11504 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | |||||
| CVE-2018-11468 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | |||||
| CVE-2018-8810 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file. | |||||
| CVE-2018-8809 | 1 Radare | 1 Radare2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. | |||||