Search
Total
1936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000085 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2019-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. | |||||
| CVE-2017-15722 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | |||||
| CVE-2017-6500 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-03-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. | |||||
| CVE-2017-6011 | 3 Debian, Icoutils Project, Redhat | 8 Debian Linux, Icoutils, Enterprise Linux Desktop and 5 more | 2019-03-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. | |||||
| CVE-2017-11358 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2019-03-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. | |||||
| CVE-2019-6231 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory. | |||||
| CVE-2019-6220 | 1 Apple | 1 Mac Os X | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory. | |||||
| CVE-2018-4933 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2019-03-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-5001 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2019-03-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2015-5327 | 1 Linux | 1 Linux Kernel | 2019-03-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | |||||
| CVE-2019-6209 | 1 Apple | 4 Iphone Os, Mac Os X, Tv Os and 1 more | 2019-03-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2016-5825 | 1 Libical Project | 1 Libical | 2019-03-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. | |||||
| CVE-2018-7875 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. | |||||
| CVE-2018-7868 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. | |||||
| CVE-2017-8362 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | |||||
| CVE-2019-1996 | 1 Google | 1 Android | 2019-03-01 | 3.3 LOW | 6.5 MEDIUM |
| In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066. | |||||
| CVE-2019-8397 | 1 Hdfgroup | 1 Hdf5 | 2019-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |||||
| CVE-2019-8398 | 1 Hdfgroup | 1 Hdf5 | 2019-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. | |||||
| CVE-2018-9588 | 1 Google | 1 Android | 2019-02-12 | 3.3 LOW | 6.5 MEDIUM |
| In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111450156. | |||||
| CVE-2018-9589 | 1 Google | 1 Android | 2019-02-12 | 2.1 LOW | 5.5 MEDIUM |
| In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111893132. | |||||
| CVE-2018-9593 | 1 Google | 1 Android | 2019-02-12 | 3.3 LOW | 6.5 MEDIUM |
| In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267. | |||||
| CVE-2018-17854 | 1 Simdcomp Project | 1 Simdcomp | 2019-02-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427. | |||||
| CVE-2018-5811 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | |||||
| CVE-2018-4256 | 1 Apple | 1 Mac Os X | 2019-01-16 | 2.1 LOW | 5.5 MEDIUM |
| In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2018-4255 | 1 Apple | 1 Mac Os X | 2019-01-16 | 2.1 LOW | 5.5 MEDIUM |
| In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2018-16082 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-01-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2018-6143 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2018-20588 | 1 Otfcc Project | 1 Otfcc | 2019-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. | |||||
| CVE-2018-20430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2019-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. | |||||
| CVE-2018-20453 | 1 Libdoc Project | 1 Libdoc | 2019-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2018-20591 | 1 Libming | 1 Libming | 2019-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx. | |||||
| CVE-2018-19842 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | |||||
| CVE-2018-19843 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | |||||
| CVE-2018-20456 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455. | |||||
| CVE-2018-20461 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. | |||||
| CVE-2017-16910 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. | |||||
| CVE-2017-14501 | 1 Libarchive | 1 Libarchive | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | |||||
| CVE-2017-14503 | 1 Libarchive | 1 Libarchive | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | |||||
| CVE-2018-19761 | 1 Libsixel Project | 1 Libsixel | 2018-12-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. | |||||
| CVE-2018-19763 | 1 Libsixel Project | 1 Libsixel | 2018-12-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. | |||||
| CVE-2018-19759 | 1 Libsixel Project | 1 Libsixel | 2018-12-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. | |||||
| CVE-2018-19756 | 1 Libsixel Project | 1 Libsixel | 2018-12-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. | |||||
| CVE-2018-5916 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2018-12-26 | 6.1 MEDIUM | 6.5 MEDIUM |
| Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130. | |||||
| CVE-2018-18398 | 1 Xfce | 2 Thunar, Xfce | 2018-12-21 | 1.9 LOW | 4.7 MEDIUM |
| Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. | |||||
| CVE-2018-19517 | 1 Sysstat Project | 1 Sysstat | 2018-12-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. | |||||
| CVE-2015-9274 | 1 Harfbuzz Project | 1 Harfbuzz | 2018-12-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. | |||||
| CVE-2018-19353 | 1 Ansilove | 1 Libansilove | 2018-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. | |||||
| CVE-2018-9544 | 1 Google | 1 Android | 2018-12-17 | 2.1 LOW | 5.5 MEDIUM |
| In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220 | |||||
| CVE-2018-19218 | 1 Sass-lang | 1 Libsass | 2018-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. | |||||
| CVE-2018-17427 | 1 Simdcomp Project | 1 Simdcomp | 2018-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. | |||||