Total
6166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28603 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-01-25 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev(). | |||||
| CVE-2020-28635 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-01-25 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet(). | |||||
| CVE-2022-23537 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-01-25 | N/A | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1). | |||||
| CVE-2023-44358 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-01-25 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38235 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-01-25 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-20241 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Client | 2024-01-25 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system. | |||||
| CVE-2023-20240 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Client | 2024-01-25 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system. | |||||
| CVE-2022-20688 | 1 Cisco | 6 Ata 190, Ata 190 Firmware, Ata 191 and 3 more | 2024-01-25 | N/A | 5.3 MEDIUM |
| A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition. | |||||
| CVE-2024-22957 | 1 Swftools | 1 Swftools | 2024-01-25 | N/A | 5.5 MEDIUM |
| swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. | |||||
| CVE-2022-28739 | 3 Apple, Debian, Ruby-lang | 3 Macos, Debian Linux, Ruby | 2024-01-24 | 4.3 MEDIUM | 7.5 HIGH |
| There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | |||||
| CVE-2024-21639 | 1 Chromiumembedded | 1 Chromium Embedded Framework | 2024-01-22 | N/A | 9.6 CRITICAL |
| CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e. | |||||
| CVE-2024-21640 | 1 Chromiumembedded | 1 Chromium Embedded Framework | 2024-01-22 | N/A | 9.6 CRITICAL |
| Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e. | |||||
| CVE-2023-48347 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-01-19 | N/A | 5.5 MEDIUM |
| In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2023-48345 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-01-19 | N/A | 5.5 MEDIUM |
| In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2023-48344 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-01-19 | N/A | 5.5 MEDIUM |
| In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2023-48341 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-01-19 | N/A | 5.5 MEDIUM |
| In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2023-49285 | 1 Squid-cache | 1 Squid | 2024-01-19 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-44112 | 1 Huawei | 2 Emui, Harmonyos | 2024-01-19 | N/A | 7.5 HIGH |
| Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-42862 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-01-17 | N/A | 6.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory. | |||||
| CVE-2023-42865 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-01-17 | N/A | 6.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory. | |||||