Total
6082 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42755 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-05-22 | N/A | 5.5 MEDIUM |
| A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service. | |||||
| CVE-2023-39194 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-05-22 | N/A | 4.4 MEDIUM |
| A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. | |||||
| CVE-2023-39193 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-05-22 | N/A | 6.0 MEDIUM |
| A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | |||||
| CVE-2023-39192 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-05-22 | N/A | 6.0 MEDIUM |
| A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. | |||||
| CVE-2023-39189 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-05-22 | N/A | 6.0 MEDIUM |
| A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | |||||
| CVE-2023-22656 | 2024-05-17 | N/A | 3.9 LOW | ||
| Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-22384 | 2024-05-17 | N/A | 2.8 LOW | ||
| Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-39986 | 1 Hitachi | 1 Eh-view | 2024-05-17 | N/A | 5.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-34256 | 3 Debian, Linux, Suse | 3 Debian Linux, Linux Kernel, Linux Enterprise | 2024-05-17 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. | |||||
| CVE-2023-29417 | 1 Bzip3 Project | 1 Bzip3 | 2024-05-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid. | |||||
| CVE-2022-34037 | 1 Caddyserver | 1 Caddy | 2024-05-17 | N/A | 7.5 HIGH |
| An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client. | |||||
| CVE-2022-24198 | 1 Itextpdf | 1 Itext | 2024-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable. | |||||
| CVE-2020-36325 | 1 Jansson Project | 1 Jansson | 2024-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification | |||||
| CVE-2020-17360 | 1 Readytalk | 1 Avian | 2024-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2019-17401 | 1 Liblnk Project | 1 Liblnk | 2024-05-17 | 2.1 LOW | 3.3 LOW |
| libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
| CVE-2019-17264 | 1 Liblnk Project | 1 Liblnk | 2024-05-17 | 2.1 LOW | 3.3 LOW |
| In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
| CVE-2019-17263 | 1 Libfwsi Project | 1 Libfwsi | 2024-05-17 | 2.1 LOW | 3.3 LOW |
| In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
| CVE-2018-15161 | 1 Libesedb Project | 1 Libesedb | 2024-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | |||||
| CVE-2018-15160 | 1 Libesedb Project | 1 Libesedb | 2024-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | |||||
| CVE-2018-15159 | 1 Libesedb Project | 1 Libesedb | 2024-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | |||||