Vulnerabilities (CVE)

Filtered by CWE-125
Total 6166 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2450 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-03-08 5.8 MEDIUM 7.1 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
CVE-2017-2439 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-03-08 5.8 MEDIUM 7.1 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
CVE-2019-6220 1 Apple 1 Mac Os X 2019-03-07 4.3 MEDIUM 5.5 MEDIUM
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory.
CVE-2019-6231 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-03-07 4.3 MEDIUM 5.5 MEDIUM
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.
CVE-2018-5001 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2019-03-07 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-4222 3 Apple, Canonical, Microsoft 8 Icloud, Iphone Os, Itunes and 5 more 2019-03-07 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.
CVE-2015-5327 1 Linux 1 Linux Kernel 2019-03-07 4.0 MEDIUM 6.5 MEDIUM
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
CVE-2019-6209 1 Apple 4 Iphone Os, Mac Os X, Tv Os and 1 more 2019-03-06 4.3 MEDIUM 5.5 MEDIUM
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
CVE-2019-6221 2 Apple, Microsoft 4 Iphone Os, Itunes, Mac Os X and 1 more 2019-03-06 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.
CVE-2019-6202 1 Apple 3 Iphone Os, Mac Os X, Watchos 2019-03-06 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.
CVE-2019-6200 1 Apple 2 Iphone Os, Mac Os X 2019-03-06 5.8 MEDIUM 8.8 HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.
CVE-2016-5826 1 Libical Project 1 Libical 2019-03-04 5.0 MEDIUM 7.5 HIGH
The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function.
CVE-2016-5825 1 Libical Project 1 Libical 2019-03-04 4.3 MEDIUM 5.5 MEDIUM
The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file.
CVE-2018-7875 2 Debian, Libming 2 Debian Linux, Libming 2019-03-04 4.3 MEDIUM 6.5 MEDIUM
There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.
CVE-2018-7871 2 Debian, Libming 2 Debian Linux, Libming 2019-03-04 6.8 MEDIUM 8.8 HIGH
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.
CVE-2018-7868 2 Debian, Libming 2 Debian Linux, Libming 2019-03-04 4.3 MEDIUM 6.5 MEDIUM
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.
CVE-2017-8362 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2019-03-04 4.3 MEDIUM 6.5 MEDIUM
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
CVE-2019-1996 1 Google 1 Android 2019-03-01 3.3 LOW 6.5 MEDIUM
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066.
CVE-2018-7051 3 Canonical, Debian, Irssi 3 Ubuntu Linux, Debian Linux, Irssi 2019-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
CVE-2018-9144 1 Exiv2 1 Exiv2 2019-02-27 5.8 MEDIUM 8.1 HIGH
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.