Search
Total
4471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3970 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 1.9 LOW | 3.8 LOW |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition. | |||||
| CVE-2020-9603 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9602 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9608 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9609 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9629 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9661 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 17.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-3809 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . | |||||
| CVE-2020-9557 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9558 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-3658 | 1 Qualcomm | 88 Apq8009, Apq8009 Firmware, Apq8017 and 85 more | 2020-06-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-12884 | 1 Arm | 1 Mbed Os | 2020-06-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. Therefore the check of temp_parsed_uri_query_ptr may be insufficient for safe access to the area pointed to by packet_data_pptr. As a result, access to a memory area outside of the intended boundary of the packet buffer is made. | |||||
| CVE-2020-12886 | 1 Arm | 1 Mbed Os | 2020-06-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. As a result, memory access outside of the intended boundary of the buffer may occur. | |||||
| CVE-2020-12740 | 1 Appneta | 1 Tcpreplay | 2020-06-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | |||||
| CVE-2020-13656 | 1 Morganstanley | 1 Hobbes | 2020-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution. | |||||
| CVE-2018-19504 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2020-06-15 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. | |||||
| CVE-2020-0127 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140054506 | |||||
| CVE-2020-0211 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147491773 | |||||
| CVE-2020-0205 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147234020 | |||||
| CVE-2020-0200 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147231862 | |||||
| CVE-2020-10030 | 1 Powerdns | 1 Recursor | 2020-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution. | |||||
| CVE-2020-1232 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | |||||
| CVE-2019-8267 | 1 Uvnc | 1 Ultravnc | 2020-06-12 | 5.0 MEDIUM | 7.5 HIGH |
| UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208. | |||||
| CVE-2019-8266 | 1 Uvnc | 1 Ultravnc | 2020-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208. | |||||
| CVE-2019-8270 | 1 Uvnc | 1 Ultravnc | 2020-06-12 | 5.0 MEDIUM | 7.5 HIGH |
| UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211. | |||||
| CVE-2020-0191 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140561484 | |||||
| CVE-2020-0193 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144595488 | |||||
| CVE-2020-0180 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142861738 | |||||
| CVE-2020-0143 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145597277 | |||||
| CVE-2020-0144 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543497 | |||||
| CVE-2020-0149 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544089 | |||||
| CVE-2020-0148 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638492 | |||||
| CVE-2020-0146 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546561 | |||||
| CVE-2020-0145 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544079 | |||||
| CVE-2020-0214 | 1 Google | 1 Android | 2020-06-12 | 5.0 MEDIUM | 7.5 HIGH |
| In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140292264 | |||||
| CVE-2020-0157 | 1 Google | 1 Android | 2020-06-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139740814 | |||||
| CVE-2020-0147 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392 | |||||
| CVE-2020-0156 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736127 | |||||
| CVE-2020-0154 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141550919 | |||||
| CVE-2020-0152 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145992159 | |||||
| CVE-2020-0151 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-133164384 | |||||
| CVE-2020-0185 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79945152 | |||||
| CVE-2020-0197 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 5.5 MEDIUM |
| In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137370379 | |||||
| CVE-2020-0158 | 1 Google | 1 Android | 2020-06-11 | 2.1 LOW | 4.4 MEDIUM |
| In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141547128 | |||||
| CVE-2020-0159 | 1 Google | 1 Android | 2020-06-11 | 3.5 LOW | 5.5 MEDIUM |
| In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140768035 | |||||
| CVE-2020-0164 | 1 Google | 1 Android | 2020-06-11 | 2.1 LOW | 4.4 MEDIUM |
| In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736125 | |||||
| CVE-2016-8681 | 1 Libdwarf Project | 1 Libdwarf | 2020-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | |||||
| CVE-2016-8679 | 1 Libdwarf Project | 1 Libdwarf | 2020-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | |||||
| CVE-2017-7544 | 1 Libexif Project | 1 Libexif | 2020-06-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. | |||||
| CVE-2019-20503 | 1 Usrsctp Project | 1 Usrsctp | 2020-06-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | |||||