Total: 4813 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12937 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | |||||
CVE-2017-8268 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. | |||||
CVE-2017-8256 | 1 Google | 1 Android | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. | |||||
CVE-2017-8240 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. | |||||
CVE-2017-8234 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. | |||||
CVE-2017-12933 | 1 Php | 1 Php | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | |||||
CVE-2017-13010 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). | |||||
CVE-2017-13008 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | |||||
CVE-2017-13009 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). | |||||
CVE-2017-7960 | 1 Gnome | 1 Libcroco | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | |||||
CVE-2017-7939 | 1 Entropymine | 1 Imageworsener | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. | |||||
CVE-2017-7854 | 1 Radare | 1 Radare2 | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
CVE-2017-12901 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). | |||||
CVE-2017-7813 | 1 Mozilla | 1 Firefox | 2019-10-02 | 6.4 MEDIUM | 8.2 HIGH |
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56. | |||||
CVE-2017-12900 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). | |||||
CVE-2017-12898 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). | |||||
CVE-2017-7716 | 1 Radare | 1 Radare2 | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||||
CVE-2017-12894 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). | |||||
CVE-2017-7623 | 1 Entropymine | 1 Imageworsener | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
CVE-2017-12897 | 1 Tcpdump | 1 Tcpdump | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). |