Search
Total
4471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6309 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2019-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker. | |||||
| CVE-2017-6310 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2019-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. | |||||
| CVE-2016-4776 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 5.8 MEDIUM | 7.1 HIGH |
| The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. | |||||
| CVE-2016-4774 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 5.8 MEDIUM | 7.1 HIGH |
| The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776. | |||||
| CVE-2016-4773 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 5.8 MEDIUM | 7.1 HIGH |
| The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776. | |||||
| CVE-2017-6500 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-03-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. | |||||
| CVE-2017-6011 | 3 Debian, Icoutils Project, Redhat | 8 Debian Linux, Icoutils, Enterprise Linux Desktop and 5 more | 2019-03-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. | |||||
| CVE-2018-5248 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2019-03-12 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | |||||
| CVE-2018-11693 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | |||||
| CVE-2018-11697 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | |||||
| CVE-2018-11698 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | |||||
| CVE-2017-7010 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-08 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file. | |||||
| CVE-2017-7013 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-03-08 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file. | |||||
| CVE-2017-2450 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | |||||
| CVE-2017-2439 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | |||||
| CVE-2017-11358 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2019-03-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. | |||||
| CVE-2019-6220 | 1 Apple | 1 Mac Os X | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory. | |||||
| CVE-2019-6231 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory. | |||||
| CVE-2018-4933 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2019-03-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-5001 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2019-03-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4934 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2019-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4222 | 3 Apple, Canonical, Microsoft | 8 Icloud, Iphone Os, Itunes and 5 more | 2019-03-07 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. | |||||
| CVE-2015-5327 | 1 Linux | 1 Linux Kernel | 2019-03-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | |||||
| CVE-2018-13112 | 1 Appneta | 1 Tcpreplay | 2019-03-06 | 5.0 MEDIUM | 7.5 HIGH |
| get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. | |||||
| CVE-2019-6209 | 1 Apple | 4 Iphone Os, Mac Os X, Tv Os and 1 more | 2019-03-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2019-6221 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Mac Os X and 1 more | 2019-03-06 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges. | |||||
| CVE-2019-6202 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-03-06 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges. | |||||
| CVE-2019-6200 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-03-06 | 5.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code. | |||||
| CVE-2018-17466 | 4 Canonical, Debian, Google and 1 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2019-03-05 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2016-5826 | 1 Libical Project | 1 Libical | 2019-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. | |||||
| CVE-2016-5825 | 1 Libical Project | 1 Libical | 2019-03-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. | |||||
| CVE-2018-7875 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. | |||||
| CVE-2018-7871 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-03-04 | 6.8 MEDIUM | 8.8 HIGH |
| There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact. | |||||
| CVE-2018-7868 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. | |||||
| CVE-2017-8362 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | |||||
| CVE-2019-1996 | 1 Google | 1 Android | 2019-03-01 | 3.3 LOW | 6.5 MEDIUM |
| In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066. | |||||
| CVE-2018-7051 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings. | |||||
| CVE-2018-9144 | 1 Exiv2 | 1 Exiv2 | 2019-02-27 | 5.8 MEDIUM | 8.1 HIGH |
| In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. | |||||
| CVE-2019-9037 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. | |||||
| CVE-2019-9035 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. | |||||
| CVE-2019-9034 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. | |||||
| CVE-2019-9033 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c. | |||||
| CVE-2019-9030 | 1 Matio Project | 1 Matio | 2019-02-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. | |||||
| CVE-2019-9038 | 1 Matio Project | 1 Matio | 2019-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c. | |||||
| CVE-2019-9029 | 1 Matio Project | 1 Matio | 2019-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c. | |||||
| CVE-2019-9151 | 1 Hdfgroup | 1 Hdf5 | 2019-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c. | |||||
| CVE-2019-9152 | 1 Hdfgroup | 1 Hdf5 | 2019-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c. | |||||
| CVE-2019-9028 | 1 Matio Project | 1 Matio | 2019-02-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c. | |||||
| CVE-2019-8378 | 1 Axiosys | 1 Bento4 | 2019-02-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-8397 | 1 Hdfgroup | 1 Hdf5 | 2019-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. | |||||