Search
Total
4471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38242 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-08-15 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-30796 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2023-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-38229 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-08-15 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38248 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-08-15 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38247 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-08-15 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38244 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-08-15 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38682 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-08-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-38213 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-08-14 | N/A | 5.5 MEDIUM |
| Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-4048 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-11 | N/A | 7.5 HIGH |
| An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-30795 | 1 Siemens | 3 Jt Open, Jt Utilities, Parasolid | 2023-08-11 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2021-30939 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-08-11 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2023-28555 | 1 Qualcomm | 142 Ar8035, Ar8035 Firmware, Mdm9628 and 139 more | 2023-08-10 | N/A | 7.5 HIGH |
| Transient DOS in Audio while remapping channel buffer in media codec decoding. | |||||
| CVE-2023-21625 | 1 Qualcomm | 92 Apq8009, Apq8009 Firmware, Apq8017 and 89 more | 2023-08-10 | N/A | 7.5 HIGH |
| Information disclosure in Network Services due to buffer over-read while the device receives DNS response. | |||||
| CVE-2023-39183 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39184 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39182 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39187 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39185 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39186 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39188 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-47351 | 2 Google, Unisoc | 10 Android, S8000, T606 and 7 more | 2023-08-10 | N/A | 4.4 MEDIUM |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2022-47350 | 2 Google, Unisoc | 12 Android, S8000, Sc9863a and 9 more | 2023-08-10 | N/A | 4.4 MEDIUM |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-20813 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6739 and 22 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453549; Issue ID: ALPS07453549. | |||||
| CVE-2023-20818 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6739 and 22 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540. | |||||
| CVE-2023-33383 | 1 Shelly | 2 Pro 4pm, Pro 4pm Firmware | 2023-08-09 | N/A | 5.3 MEDIUM |
| Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. | |||||
| CVE-2023-20798 | 2 Google, Mediatek | 12 Android, Mt2713, Mt6855 and 9 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076. | |||||
| CVE-2018-11206 | 1 Hdfgroup | 1 Hdf5 | 2023-08-09 | 5.8 MEDIUM | 8.1 HIGH |
| An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. | |||||
| CVE-2023-38746 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | |||||
| CVE-2023-25600 | 1 Insyde | 1 Insydecrpkg | 2023-08-08 | N/A | 7.1 HIGH |
| An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016. | |||||
| CVE-2021-36411 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | |||||
| CVE-2022-27942 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | |||||
| CVE-2022-27941 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. | |||||
| CVE-2021-26388 | 1 Amd | 213 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 210 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | |||||
| CVE-2021-40606 | 1 Gpac | 1 Gpac | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||||
| CVE-2022-46393 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2023-08-08 | N/A | 9.8 CRITICAL |
| An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. | |||||
| CVE-2022-20574 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A | |||||
| CVE-2021-35452 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. | |||||
| CVE-2022-42901 | 1 Bentley | 2 Microstation, View | 2023-08-08 | N/A | 7.8 HIGH |
| Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | |||||
| CVE-2022-0806 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-20513 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759 | |||||
| CVE-2022-35087 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c. | |||||
| CVE-2022-27940 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | |||||
| CVE-2022-31747 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-08 | N/A | 9.8 CRITICAL |
| Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||||
| CVE-2022-34529 | 1 Wasm3 Project | 1 Wasm3 | 2023-08-08 | N/A | 5.5 MEDIUM |
| WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill. | |||||
| CVE-2021-40167 | 1 Autodesk | 1 Design Review | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2022-35482 | 1 Otfcc Project | 1 Otfcc | 2023-08-08 | N/A | 6.5 MEDIUM |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. | |||||
| CVE-2021-0902 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484. | |||||
| CVE-2022-35106 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc. | |||||
| CVE-2022-35481 | 1 Otfcc Project | 1 Otfcc | 2023-08-08 | N/A | 6.5 MEDIUM |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. | |||||
| CVE-2021-0676 | 2 Google, Mediatek | 44 Android, Mt6762, Mt6765 and 41 more | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009. | |||||