Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8582 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2020-10-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory. | |||||
| CVE-2020-9779 | 1 Apple | 1 Mac Os X | 2020-10-28 | 6.6 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2019-18795 | 1 Un4seen | 1 Bass | 2020-10-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issues to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. | |||||
| CVE-2020-25188 | 1 Laquisscada | 1 Scada | 2020-10-26 | 6.8 MEDIUM | 7.8 HIGH |
| An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). | |||||
| CVE-2018-7728 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | |||||
| CVE-2018-7730 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. | |||||
| CVE-2018-7729 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. | |||||
| CVE-2017-12987 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | |||||
| CVE-2017-12899 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). | |||||
| CVE-2017-12896 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | |||||
| CVE-2017-12902 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-10-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | |||||
| CVE-2020-9750 | 2 Adobe, Microsoft | 2 Animate, Windows | 2020-10-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | |||||
| CVE-2020-9749 | 2 Adobe, Microsoft | 2 Animate, Windows | 2020-10-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | |||||
| CVE-2020-5134 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2020-5140 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-12911 | 1 Amd | 1 Atikmdag.sys | 2020-10-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. | |||||
| CVE-2016-5107 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-10-21 | 1.9 LOW | 6.0 MEDIUM |
| The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. | |||||
| CVE-2020-12933 | 1 Amd | 1 Atikmdag.sys | 2020-10-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. | |||||
| CVE-2020-13790 | 2 Libjpeg-turbo, Mozilla | 2 Libjpeg-turbo, Mozjpeg | 2020-10-20 | 5.8 MEDIUM | 8.1 HIGH |
| libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | |||||
| CVE-2020-9799 | 1 Apple | 1 Mac Os X | 2020-10-19 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||