Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9290 | 1 Freetype | 1 Freetype | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.
|
|||||
| CVE-2015-9289 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.
|
|||||
| CVE-2015-9274 | 1 Harfbuzz Project | 1 Harfbuzz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
|
|||||
| CVE-2015-7507 | 1 Netsurf-browser | 1 Libnsbmp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.
|
|||||
| CVE-2015-7506 | 1 Netsurf-browser | 1 Libnsgif | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.
|
|||||
| CVE-2015-2326 | 4 Mariadb, Opensuse, Pcre and 1 more | 4 Mariadb, Opensuse, Pcre and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
|
|||||
| CVE-2015-2325 | 4 Mariadb, Opensuse, Pcre and 1 more | 4 Mariadb, Opensuse, Pcre and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
|
|||||
| CVE-2014-3180 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable
|
|||||
| CVE-2014-2898 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.
|
|||||
| CVE-2014-2897 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.
|
|||||
| CVE-2014-2896 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.
|
|||||
| CVE-2014-2032 | 2 Deadwood Project, Maradns Project | 2 Deadwood, Maradns | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation.
|
|||||
| CVE-2014-2031 | 2 Deadwood Project, Maradns Project | 2 Deadwood, Maradns | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error.
|
|||||
| CVE-2014-125017 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
|
A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2013-2807 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cau ...
Show More |
|||||
| CVE-2013-2805 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service c ...
Show More |
|||||
| CVE-2012-4428 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
|
|||||
| CVE-2024-33014 | 1 Qualcomm | 650 315 5g Iot Modem, 315 5g Iot Modem Firmware, 860 Mobile Platform and 647 more | 2024-11-20 | N/A | 7.5 HIGH |
|
Transient DOS while parsing ESP IE from beacon/probe response frame.
|
|||||
| CVE-2024-33015 | 1 Qualcomm | 390 Ar8035, Ar8035 Firmware, Csr8811 and 387 more | 2024-11-20 | N/A | 7.5 HIGH |
|
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
|
|||||
| CVE-2024-33025 | 1 Qualcomm | 338 Csr8811, Csr8811 Firmware, Fastconnect 6800 and 335 more | 2024-11-20 | N/A | 7.5 HIGH |
|
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
|
|||||
| CVE-2024-33018 | 1 Qualcomm | 302 Ar8035, Ar8035 Firmware, Csr8811 and 299 more | 2024-11-20 | N/A | 7.5 HIGH |
|
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
|
|||||
| CVE-2024-33026 | 1 Qualcomm | 330 Ar8035, Ar8035 Firmware, Csr8811 and 327 more | 2024-11-20 | N/A | 7.5 HIGH |
|
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
|
|||||
| CVE-2024-33020 | 1 Qualcomm | 196 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 193 more | 2024-11-20 | N/A | 7.5 HIGH |
|
Transient DOS while processing TID-to-link mapping IE elements.
|
|||||
| CVE-2024-33019 | 1 Qualcomm | 298 Ar8035, Ar8035 Firmware, Csr8811 and 295 more | 2024-11-20 | N/A | 7.5 HIGH |
|
Transient DOS while parsing the received TID-to-link mapping action frame.
|
|||||
| CVE-2024-52613 | 1 Justdan96 | 1 Tsmuxer | 2024-11-20 | N/A | 5.5 MEDIUM |
|
A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file.
|
|||||
| CVE-2024-49536 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2024-11-19 | N/A | 5.5 MEDIUM |
|
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-43449 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-19 | N/A | 6.8 MEDIUM |
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-24425 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
|
|||||
| CVE-2024-43634 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 6.8 MEDIUM |
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43638 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 6.8 MEDIUM |
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43643 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 6.8 MEDIUM |
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43644 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 7.8 HIGH |
|
Windows Client-Side Caching Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49028 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-11-18 | N/A | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49527 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | N/A | 5.5 MEDIUM |
|
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-52876 | 2024-11-18 | N/A | 7.5 HIGH | ||
|
Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions (in broadcast mode) via multiple read operations on the ASTM Remote ID (0xFFFA) GATT.
|
|||||
| CVE-2022-20766 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
|
A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the att ...
Show More |
|||||
| CVE-2024-49510 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-49511 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-49512 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-28051 | 2024-11-15 | N/A | 2.2 LOW | ||
|
Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||