Search
Total
4471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14245 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2020-10-29 | 5.8 MEDIUM | 8.1 HIGH |
| An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | |||||
| CVE-2019-8746 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2020-10-29 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-24418 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-10-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2019-8759 | 1 Apple | 1 Mac Os X | 2020-10-29 | 6.6 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2020-26566 | 1 Motion Project | 1 Motion | 2020-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. | |||||
| CVE-2015-8743 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-29 | 3.6 LOW | 7.1 HIGH |
| QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. | |||||
| CVE-2019-8547 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-29 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A remote attacker may be able to leak memory. | |||||
| CVE-2020-16159 | 1 Gopro | 1 Gpmf-parser | 2020-10-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure. | |||||
| CVE-2017-13687 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). | |||||
| CVE-2017-13725 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | |||||
| CVE-2017-13028 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). | |||||
| CVE-2017-13024 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | |||||
| CVE-2017-13020 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | |||||
| CVE-2017-13004 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). | |||||
| CVE-2020-9938 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-28 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2019-8582 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2020-10-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory. | |||||
| CVE-2020-9779 | 1 Apple | 1 Mac Os X | 2020-10-28 | 6.6 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2020-9984 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-9873 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-9877 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2019-18795 | 1 Un4seen | 1 Bass | 2020-10-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issues to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. | |||||
| CVE-2020-25188 | 1 Laquisscada | 1 Scada | 2020-10-26 | 6.8 MEDIUM | 7.8 HIGH |
| An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). | |||||
| CVE-2018-7728 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | |||||
| CVE-2018-7730 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. | |||||
| CVE-2018-7729 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. | |||||
| CVE-2017-12987 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | |||||
| CVE-2017-12899 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). | |||||
| CVE-2017-12896 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | |||||
| CVE-2017-12902 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | |||||
| CVE-2020-9750 | 2 Adobe, Microsoft | 2 Animate, Windows | 2020-10-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | |||||
| CVE-2020-9749 | 2 Adobe, Microsoft | 2 Animate, Windows | 2020-10-23 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | |||||
| CVE-2020-5134 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2020-5140 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-12911 | 1 Amd | 1 Atikmdag.sys | 2020-10-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. | |||||
| CVE-2016-5107 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-21 | 1.9 LOW | 6.0 MEDIUM |
| The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. | |||||
| CVE-2020-12933 | 1 Amd | 1 Atikmdag.sys | 2020-10-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. | |||||
| CVE-2020-9909 | 1 Apple | 4 Ipad Os, Iphone Os, Tvos and 1 more | 2020-10-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | |||||
| CVE-2020-9894 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-13790 | 2 Libjpeg-turbo, Mozilla | 2 Libjpeg-turbo, Mozjpeg | 2020-10-20 | 5.8 MEDIUM | 8.1 HIGH |
| libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | |||||
| CVE-2020-9891 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9888 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9890 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9799 | 1 Apple | 1 Mac Os X | 2020-10-19 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2016-10269 | 1 Libtiff | 1 Libtiff | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. | |||||
| CVE-2020-0413 | 1 Google | 1 Android | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-158778659 | |||||
| CVE-2020-0377 | 1 Google | 1 Android | 2020-10-16 | 7.8 HIGH | 7.5 HIGH |
| In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-158833854 | |||||
| CVE-2019-6752 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620. | |||||
| CVE-2020-9087 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2020-10-16 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak. | |||||
| CVE-2020-9091 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2020-10-16 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. | |||||
| CVE-2020-9108 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2020-10-16 | 7.1 HIGH | 5.5 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. | |||||