Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6061 | 4 Canonical, Coturn Project, Debian and 1 more | 4 Ubuntu Linux, Coturn, Debian Linux and 1 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. | |||||
| CVE-2020-6058 | 1 Minisnmpd Project | 1 Minisnmpd | 2022-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. | |||||
| CVE-2020-3878 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2022-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-29470 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2022-06-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4. | |||||
| CVE-2017-2861 | 1 Natus | 1 Xltek Neuroworks | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2020-6077 | 2 Debian, Videolabs | 2 Debian Linux, Libmicrodns | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | |||||
| CVE-2022-1907 | 1 Libmobi Project | 1 Libmobi | 2022-06-03 | 5.8 MEDIUM | 8.1 HIGH |
| Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | |||||
| CVE-2022-1908 | 1 Libmobi Project | 1 Libmobi | 2022-06-03 | 5.8 MEDIUM | 8.1 HIGH |
| Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | |||||
| CVE-2022-1899 | 1 Radare | 1 Radare2 | 2022-06-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. | |||||
| CVE-2018-6974 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-06-02 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2021-21995 | 1 Vmware | 2 Cloud Foundation, Esxi | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition. | |||||
| CVE-2020-9944 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2022-06-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory. | |||||
| CVE-2020-9943 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2022-06-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory. | |||||
| CVE-2021-42700 | 1 Inkscape | 1 Inkscape | 2022-06-02 | 3.5 LOW | 3.3 LOW |
| Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information. | |||||
| CVE-2022-29488 | 2022-06-02 | N/A | N/A | ||
| The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-20102 | 3 Canonical, Haproxy, Redhat | 3 Ubuntu Linux, Haproxy, Openshift Container Platform | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. | |||||
| CVE-2020-4033 | 4 Canonical, Fedoraproject, Freerdp and 1 more | 4 Ubuntu Linux, Fedora, Freerdp and 1 more | 2022-06-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. | |||||
| CVE-2020-9918 | 1 Apple | 3 Mac Os X, Tvos, Watchos | 2022-05-31 | 10.0 HIGH | 9.8 CRITICAL |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2022-28183 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2022-05-26 | 3.6 LOW | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. | |||||
| CVE-2022-30976 | 1 Gpac | 1 Gpac | 2022-05-25 | 4.0 MEDIUM | 7.1 HIGH |
| GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. | |||||