Total
7228 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11078 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the boot image header, an out of bounds read can occur in boot. | |||||
| CVE-2016-9953 | 2 Haxx, Microsoft | 2 Curl, Windows Embedded Compact | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. | |||||
| CVE-2016-9598 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. | |||||
| CVE-2016-9583 | 3 Jasper Project, Oracle, Redhat | 8 Jasper, Outside In Technology, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.8 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. | |||||
| CVE-2016-9573 | 3 Debian, Redhat, Uclouvain | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. | |||||
| CVE-2016-9570 | 1 Carbonblack | 1 Carbon Black | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe. | |||||
| CVE-2016-9569 | 1 Carbonblack | 1 Carbon Black | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call. | |||||
| CVE-2016-8621 | 1 Haxx | 1 Curl | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | |||||
| CVE-2016-8620 | 1 Haxx | 1 Curl | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | |||||
| CVE-2016-7524 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-7523 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-7151 | 1 Capstone-engine | 1 Capstone | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c. | |||||
| CVE-2016-10749 | 1 Cjson Project | 1 Cjson | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character. | |||||
| CVE-2016-10403 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | |||||
| CVE-2015-9383 | 3 Canonical, Debian, Freetype | 3 Ubuntu Linux, Debian Linux, Freetype | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. | |||||
| CVE-2015-9382 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. | |||||
| CVE-2015-9381 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | |||||
| CVE-2015-9290 | 1 Freetype | 1 Freetype | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. | |||||
| CVE-2015-9289 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. | |||||
| CVE-2015-9274 | 1 Harfbuzz Project | 1 Harfbuzz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. | |||||