Total
6166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20456 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455. | |||||
| CVE-2018-20461 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. | |||||
| CVE-2017-16910 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. | |||||
| CVE-2018-5807 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | |||||
| CVE-2018-15978 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2018-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-14503 | 1 Libarchive | 1 Libarchive | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | |||||
| CVE-2017-14501 | 1 Libarchive | 1 Libarchive | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | |||||
| CVE-2018-19347 | 1 Foxitsoftware | 2 Foxit Reader, U3d | 2018-12-27 | 5.8 MEDIUM | 7.1 HIGH |
| The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb" issue. | |||||
| CVE-2018-9541 | 1 Google | 1 Android | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531 | |||||
| CVE-2018-19763 | 1 Libsixel Project | 1 Libsixel | 2018-12-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. | |||||
| CVE-2018-19761 | 1 Libsixel Project | 1 Libsixel | 2018-12-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. | |||||
| CVE-2018-19759 | 1 Libsixel Project | 1 Libsixel | 2018-12-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. | |||||
| CVE-2018-19756 | 1 Libsixel Project | 1 Libsixel | 2018-12-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. | |||||
| CVE-2018-5916 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2018-12-26 | 6.1 MEDIUM | 6.5 MEDIUM |
| Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130. | |||||
| CVE-2018-18398 | 1 Xfce | 2 Thunar, Xfce | 2018-12-21 | 1.9 LOW | 4.7 MEDIUM |
| Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. | |||||
| CVE-2017-11078 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the boot image header, an out of bounds read can occur in boot. | |||||
| CVE-2018-19565 | 1 Dcraw Project | 1 Dcraw | 2018-12-19 | 5.8 MEDIUM | 7.1 HIGH |
| A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | |||||
| CVE-2018-19566 | 1 Dcraw Project | 1 Dcraw | 2018-12-19 | 5.8 MEDIUM | 7.1 HIGH |
| A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | |||||
| CVE-2018-19517 | 1 Sysstat Project | 1 Sysstat | 2018-12-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. | |||||
| CVE-2018-19346 | 1 Foxitsoftware | 2 Foxit Reader, U3d | 2018-12-18 | 5.8 MEDIUM | 7.1 HIGH |
| The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea" issue. | |||||