Total
6166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38428 | 2 Linux, Netapp | 7 Linux Kernel, H300s, H410s and 4 more | 2023-12-15 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. | |||||
| CVE-2023-47081 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-12-15 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47080 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-12-15 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47079 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-12-15 | N/A | 5.5 MEDIUM |
| Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47078 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-12-15 | N/A | 5.5 MEDIUM |
| Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47062 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-12-15 | N/A | 5.5 MEDIUM |
| Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47061 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-12-15 | N/A | 5.5 MEDIUM |
| Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47074 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47077 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-12-14 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-17362 | 2 Debian, Libtom | 2 Debian Linux, Libtomcrypt | 2023-12-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. | |||||
| CVE-2023-42886 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2022-46344 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2023-12-13 | N/A | 8.8 HIGH |
| A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
| CVE-2023-4135 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2023-12-11 | N/A | 6.5 MEDIUM |
| A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed. | |||||
| CVE-2023-1380 | 5 Canonical, Debian, Linux and 2 more | 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more | 2023-12-08 | N/A | 7.1 HIGH |
| A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. | |||||
| CVE-2023-32870 | 2 Google, Mediatek | 29 Android, Mt6761, Mt6765 and 26 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740. | |||||
| CVE-2023-32857 | 2 Google, Mediatek | 15 Android, Mt6765, Mt6768 and 12 more | 2023-12-07 | N/A | 4.4 MEDIUM |
| In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710. | |||||
| CVE-2023-32861 | 2 Google, Mediatek | 28 Android, Mt6761, Mt6765 and 25 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081. | |||||
| CVE-2023-32862 | 2 Google, Mediatek | 27 Android, Mt6761, Mt6765 and 24 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762. | |||||
| CVE-2023-32863 | 2 Google, Mediatek | 24 Android, Mt6761, Mt6765 and 21 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ID: ALPS07326314. | |||||
| CVE-2023-42719 | 2 Google, Unisoc | 4 Android, T606, T612 and 1 more | 2023-12-07 | N/A | 5.5 MEDIUM |
| In video service, there is a possible out of bounds read due to a incorrect bounds check. This could lead to local denial of service with no additional execution privileges needed | |||||