Total
6166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2450 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | 5.8 MEDIUM | 7.1 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | |||||
CVE-2017-2439 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | 5.8 MEDIUM | 7.1 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. | |||||
CVE-2019-6220 | 1 Apple | 1 Mac Os X | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory. | |||||
CVE-2019-6231 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory. | |||||
CVE-2018-5001 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2019-03-07 | 4.3 MEDIUM | 6.5 MEDIUM |
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2018-4222 | 3 Apple, Canonical, Microsoft | 8 Icloud, Iphone Os, Itunes and 5 more | 2019-03-07 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. | |||||
CVE-2015-5327 | 1 Linux | 1 Linux Kernel | 2019-03-07 | 4.0 MEDIUM | 6.5 MEDIUM |
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | |||||
CVE-2019-6209 | 1 Apple | 4 Iphone Os, Mac Os X, Tv Os and 1 more | 2019-03-06 | 4.3 MEDIUM | 5.5 MEDIUM |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout. | |||||
CVE-2019-6221 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Mac Os X and 1 more | 2019-03-06 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges. | |||||
CVE-2019-6202 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-03-06 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges. | |||||
CVE-2019-6200 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-03-06 | 5.8 MEDIUM | 8.8 HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code. | |||||
CVE-2016-5826 | 1 Libical Project | 1 Libical | 2019-03-04 | 5.0 MEDIUM | 7.5 HIGH |
The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. | |||||
CVE-2016-5825 | 1 Libical Project | 1 Libical | 2019-03-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. | |||||
CVE-2018-7875 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. | |||||
CVE-2018-7871 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-03-04 | 6.8 MEDIUM | 8.8 HIGH |
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact. | |||||
CVE-2018-7868 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. | |||||
CVE-2017-8362 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2019-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | |||||
CVE-2019-1996 | 1 Google | 1 Android | 2019-03-01 | 3.3 LOW | 6.5 MEDIUM |
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066. | |||||
CVE-2018-7051 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings. | |||||
CVE-2018-9144 | 1 Exiv2 | 1 Exiv2 | 2019-02-27 | 5.8 MEDIUM | 8.1 HIGH |
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. |