Total
6166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31630 | 1 Php | 1 Php | 2024-04-02 | N/A | 7.1 HIGH |
| In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. | |||||
| CVE-2024-20820 | 1 Samsung | 1 Android | 2024-04-02 | N/A | 7.1 HIGH |
| Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read. | |||||
| CVE-2024-20814 | 1 Samsung | 1 Android | 2024-04-02 | N/A | 5.5 MEDIUM |
| Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information. | |||||
| CVE-2023-1018 | 2 Microsoft, Trustedcomputinggroup | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-04-01 | N/A | 5.5 MEDIUM |
| An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. | |||||
| CVE-2024-2626 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-04-01 | N/A | 6.5 MEDIUM |
| Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-27319 | 2024-03-30 | N/A | 4.4 MEDIUM | ||
| Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. | |||||
| CVE-2024-0071 | 2024-03-28 | N/A | 7.8 HIGH | ||
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2019-20838 | 3 Apple, Pcre, Splunk | 3 Macos, Pcre, Universal Forwarder | 2024-03-27 | 4.3 MEDIUM | 7.5 HIGH |
| libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | |||||
| CVE-2019-20454 | 3 Fedoraproject, Pcre, Splunk | 3 Fedora, Pcre2, Universal Forwarder | 2024-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. | |||||
| CVE-2022-35260 | 4 Apple, Haxx, Netapp and 1 more | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2024-03-27 | N/A | 6.5 MEDIUM |
| curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | |||||
| CVE-2023-38253 | 3 Fedoraproject, Redhat, Tats | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-03-27 | N/A | 5.5 MEDIUM |
| An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | |||||
| CVE-2023-38252 | 3 Fedoraproject, Redhat, Tats | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-03-27 | N/A | 5.5 MEDIUM |
| An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | |||||
| CVE-2024-21920 | 2024-03-26 | N/A | 4.4 MEDIUM | ||
| A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | |||||
| CVE-2023-37453 | 1 Linux | 1 Linux Kernel | 2024-03-25 | N/A | 4.6 MEDIUM |
| An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. | |||||
| CVE-2023-26607 | 2 Linux, Netapp | 2 Linux Kernel, Hci Baseboard Management Controller | 2024-03-25 | N/A | 7.1 HIGH |
| In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. | |||||
| CVE-2021-29155 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-03-25 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. | |||||
| CVE-2024-1848 | 2024-03-22 | N/A | 7.8 HIGH | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. | |||||
| CVE-2021-23437 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-03-22 | 5.0 MEDIUM | 7.5 HIGH |
| The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | |||||
| CVE-2024-27094 | 2024-03-21 | N/A | 6.5 MEDIUM | ||
| OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6. | |||||
| CVE-2023-46045 | 1 Graphviz | 1 Graphviz | 2024-03-21 | N/A | 7.8 HIGH |
| Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | |||||