Total
4813 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11766 | 2 Debian, Dhcpcd Project | 2 Debian Linux, Dhcpcd | 2023-02-27 | 7.5 HIGH | 9.8 CRITICAL |
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | |||||
CVE-2019-10903 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-02-27 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | |||||
CVE-2023-22349 | 1 Jtekt | 1 Screen Creator Advance 2 | 2023-02-27 | N/A | 7.8 HIGH |
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22347 | 1 Jtekt | 1 Screen Creator Advance 2 | 2023-02-27 | N/A | 7.8 HIGH |
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-22346 | 1 Jtekt | 1 Screen Creator Advance 2 | 2023-02-27 | N/A | 7.8 HIGH |
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-0797 | 1 Libtiff | 1 Libtiff | 2023-02-26 | N/A | 5.5 MEDIUM |
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | |||||
CVE-2023-22233 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-02-24 | N/A | 5.5 MEDIUM |
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-22231 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-02-24 | N/A | 5.5 MEDIUM |
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-21583 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-02-24 | N/A | 5.5 MEDIUM |
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-21578 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-02-24 | N/A | 5.5 MEDIUM |
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-21577 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-02-24 | N/A | 5.5 MEDIUM |
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2019-15927 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | |||||
CVE-2020-8835 | 4 Canonical, Fedoraproject, Linux and 1 more | 47 Ubuntu Linux, Fedora, Linux Kernel and 44 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) | |||||
CVE-2017-9074 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. | |||||
CVE-2017-9985 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | |||||
CVE-2017-9984 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | |||||
CVE-2021-3743 | 4 Fedoraproject, Linux, Netapp and 1 more | 21 Fedora, Linux Kernel, Baseboard Management Controller H300e and 18 more | 2023-02-24 | 3.6 LOW | 7.1 HIGH |
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-43389 | 4 Debian, Linux, Oracle and 1 more | 6 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2023-02-24 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | |||||
CVE-2022-35269 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-02-23 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_e2c_json_file/` API. | |||||
CVE-2022-35270 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-02-23 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_wireguard_cert_file/` API. |