Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42391 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18660. | |||||
| CVE-2022-42392 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18661. | |||||
| CVE-2022-42393 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18662. | |||||
| CVE-2022-42389 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18658. | |||||
| CVE-2022-42388 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18657. | |||||
| CVE-2022-42386 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18655. | |||||
| CVE-2022-42387 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18656. | |||||
| CVE-2022-42411 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. Crafted data in a JPC file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18306. | |||||
| CVE-2022-42413 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18368. | |||||
| CVE-2022-42412 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18324. | |||||
| CVE-2022-30674 | 4 Adobe, Apple, Fedoraproject and 1 more | 4 Indesign, Macos, Fedora and 1 more | 2023-01-27 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-42390 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18659. | |||||
| CVE-2020-14148 | 3 Barton, Debian, Fedoraproject | 3 Ngircd, Debian Linux, Fedora | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. | |||||
| CVE-2020-11019 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2023-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | |||||
| CVE-2020-11018 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2023-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | |||||
| CVE-2020-13112 | 4 Canonical, Debian, Libexif Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libexif and 1 more | 2023-01-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | |||||
| CVE-2020-12418 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2023-01-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2018-4933 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-01-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2023-21614 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-01-26 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-21613 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-01-26 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||