Search
Total
4471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14034 | 1 Hdfgroup | 1 Hdf5 | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c. | |||||
| CVE-2018-14035 | 1 Hdfgroup | 1 Hdf5 | 2018-09-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c. | |||||
| CVE-2018-6969 | 1 Vmware | 1 Tools | 2018-09-11 | 4.4 MEDIUM | 7.0 HIGH |
| VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled. | |||||
| CVE-2017-17316 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages, successful exploit will cause out-of-bounds read and some services abnormal. | |||||
| CVE-2018-13875 | 1 Hdfgroup | 1 Hdf5 | 2018-09-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c. | |||||
| CVE-2018-14460 | 1 Hdfgroup | 1 Hdf5 | 2018-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c. | |||||
| CVE-2018-5894 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2018-09-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur. | |||||
| CVE-2018-12096 | 1 Liblnk Project | 1 Liblnk | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. | |||||
| CVE-2018-11729 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-11731 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-12097 | 1 Liblnk Project | 1 Liblnk | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. | |||||
| CVE-2018-11727 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-12098 | 1 Liblnk Project | 1 Liblnk | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. | |||||
| CVE-2018-11723 | 1 Libpff Project | 1 Libpff | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub. | |||||
| CVE-2018-4999 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2018-08-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-5886 | 1 Google | 1 Android | 2018-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed. | |||||
| CVE-2018-1093 | 1 Linux | 1 Linux Kernel | 2018-08-29 | 7.1 HIGH | 5.5 MEDIUM |
| The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. | |||||
| CVE-2018-13867 | 1 Hdfgroup | 1 Hdf5 | 2018-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. | |||||
| CVE-2017-18159 | 1 Google | 1 Android | 2018-08-28 | 7.2 HIGH | 7.8 HIGH |
| In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur. | |||||
| CVE-2018-5895 | 1 Google | 1 Android | 2018-08-27 | 2.1 LOW | 5.5 MEDIUM |
| Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
| CVE-2018-5896 | 1 Google | 1 Android | 2018-08-27 | 6.6 MEDIUM | 7.1 HIGH |
| In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied. | |||||
| CVE-2018-5888 | 1 Google | 1 Android | 2018-08-27 | 4.6 MEDIUM | 7.8 HIGH |
| While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
| CVE-2018-5887 | 1 Google | 1 Android | 2018-08-27 | 4.6 MEDIUM | 7.8 HIGH |
| While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
| CVE-2018-5836 | 1 Google | 1 Android | 2018-08-27 | 2.1 LOW | 5.5 MEDIUM |
| In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access. | |||||
| CVE-2017-14893 | 1 Google | 1 Android | 2018-08-27 | 2.1 LOW | 5.5 MEDIUM |
| While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
| CVE-2017-14872 | 1 Google | 1 Android | 2018-08-27 | 2.1 LOW | 5.5 MEDIUM |
| While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
| CVE-2017-16529 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16645 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-9985 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 7.8 HIGH |
| The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | |||||
| CVE-2017-9984 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 7.8 HIGH |
| The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | |||||
| CVE-2017-16912 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.1 HIGH | 5.9 MEDIUM |
| The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. | |||||
| CVE-2016-10208 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 4.9 MEDIUM | 4.3 MEDIUM |
| The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. | |||||
| CVE-2017-16533 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-5897 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | |||||
| CVE-2017-16535 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16643 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2018-13011 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate. | |||||
| CVE-2018-13009 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check). | |||||
| CVE-2018-13008 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level. | |||||
| CVE-2018-13007 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check). | |||||
| CVE-2017-7244 | 1 Pcre | 1 Pcre | 2018-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. | |||||
| CVE-2018-5153 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60. | |||||
| CVE-2016-9555 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. | |||||
| CVE-2017-7778 | 3 Debian, Mozilla, Sil | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2018-10945 | 1 Cesanta | 1 Mongoose | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | |||||
| CVE-2018-12684 | 1 Civetweb Project | 1 Civetweb | 2018-08-10 | 5.8 MEDIUM | 7.1 HIGH |
| Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. | |||||
| CVE-2018-11725 | 1 Libmobi Project | 1 Libmobi | 2018-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||||
| CVE-2017-5465 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5446 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||