Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15050 | 1 Axiosys | 1 Bento4 | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp. | |||||
| CVE-2018-14851 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. | |||||
| CVE-2017-16642 | 4 Canonical, Debian, Netapp and 1 more | 5 Ubuntu Linux, Debian Linux, Clustered Data Ontap and 2 more | 2019-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. | |||||
| CVE-2018-10549 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. | |||||
| CVE-2018-18359 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2019-15047 | 1 Axiosys | 1 Bento4 | 2019-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp. | |||||
| CVE-2019-15049 | 1 Axiosys | 1 Bento4 | 2019-08-16 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp. | |||||
| CVE-2015-9290 | 1 Freetype | 1 Freetype | 2019-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. | |||||
| CVE-2017-14166 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2019-08-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | |||||
| CVE-2017-18446 | 1 Cpanel | 1 Cpanel | 2019-08-14 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). | |||||
| CVE-2018-13098 | 1 Linux | 1 Linux Kernel | 2019-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. | |||||
| CVE-2019-14531 | 1 Sleuthkit | 1 The Sleuth Kit | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. | |||||
| CVE-2019-14283 | 1 Linux | 1 Linux Kernel | 2019-08-11 | 4.6 MEDIUM | 6.8 MEDIUM |
| In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. | |||||
| CVE-2017-6851 | 1 Jasper Project | 1 Jasper | 2019-08-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. | |||||
| CVE-2019-6501 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. | |||||
| CVE-2018-19059 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. | |||||
| CVE-2018-12264 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2019-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. | |||||
| CVE-2018-12265 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2019-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. | |||||
| CVE-2018-16427 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 2.1 LOW | 4.3 MEDIUM |
| Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. | |||||
| CVE-2018-16842 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Curl | 2019-08-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | |||||