Total
6260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3731 | 2 Nodejs, Openssl | 2 Node.js, Openssl | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. | |||||
| CVE-2017-7206 | 1 Libav | 1 Libav | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
| The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. | |||||
| CVE-2016-9777 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. | |||||
| CVE-2017-6801 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | |||||
| CVE-2016-5036 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data. | |||||
| CVE-2016-9532 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. | |||||
| CVE-2017-7854 | 1 Radare | 1 Radare2 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
| CVE-2016-9555 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. | |||||
| CVE-2016-5038 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str. | |||||
| CVE-2017-5504 | 1 Jasper Project | 1 Jasper | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||||
| CVE-2016-2374 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. | |||||
| CVE-2017-5538 | 1 Samsung | 1 Samsung Mobile | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362. | |||||
| CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 9 Debian Linux, Fedora, Gstreamer and 6 more | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
| The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | |||||
| CVE-2016-7264 | 1 Microsoft | 4 Excel, Excel For Mac, Excel Viewer and 1 more | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
| CVE-2017-2981 | 1 Adobe | 1 Digital Editions | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2016-2380 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-02-28 | 4.3 MEDIUM | 3.1 LOW |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. | |||||
| CVE-2017-6658 | 1 Cisco | 1 Sourcefire Snort | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem. | |||||
| CVE-2017-2439 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | |||||
| CVE-2016-8334 | 1 Foxitsoftware | 1 Reader | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. | |||||
| CVE-2017-8453 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | |||||