Vulnerabilities (CVE)

CWE filter: CWE-125

1444 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5522 1 Vmware 1 Tools 2019-06-13 3.6
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with...
CVE-2019-12790 1 Radare 1 Radare2 2019-06-11 6.8
In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because...
CVE-2018-20102 3 Haproxy, Canonical, Redhat 3 Haproxy, Ubuntu Linux, Openshift Container Platform 2019-06-11 5.0
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the...
CVE-2019-2101 1 Google 1 Android 2019-06-11 4.9
In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed...
CVE-2019-7150 2 Elfutils Project, Debian 2 Elfutils, Debian Linux 2019-06-10 4.3
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted...
CVE-2019-7149 2 Elfutils Project, Debian 2 Elfutils, Debian Linux 2019-06-10 4.3
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
CVE-2019-3832 1 Libsndfile Project 1 Libsndfile 2019-06-10 1.9
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
CVE-2018-7845 1 Schneider-electric 4 Modicon M340 Firmware, Modicon M580 Firmware, Modicon Premium Firmware and 1 more 2019-06-10 5.0
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks...
CVE-2018-19758 2 Libsndfile Project, Debian 2 Libsndfile, Debian Linux 2019-06-10 4.3
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
CVE-2017-17457 2 Libsndfile Project, Debian 2 Libsndfile, Debian Linux 2019-06-10 4.3
The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.
CVE-2017-17456 2 Libsndfile Project, Debian 2 Libsndfile, Debian Linux 2019-06-10 4.3
The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.
CVE-2017-14246 2 Libsndfile Project, Debian 2 Libsndfile, Debian Linux 2019-06-10 5.8
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVE-2017-14245 2 Libsndfile Project, Debian 2 Libsndfile, Debian Linux 2019-06-10 5.8
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVE-2019-5798 2 Google, Debian 2 Chrome, Debian Linux 2019-06-10 4.3
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2019-3957 1 Dameware 1 Remote Mini Control 2019-06-09 5.8
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.
CVE-2019-3956 1 Dameware 1 Remote Mini Control 2019-06-09 5.8
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information.
CVE-2019-12360 1 Glyphandcog 1 Xpdfreader 2019-06-06 5.8
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to...
CVE-2019-12293 1 Freedesktop 1 Poppler 2019-06-06 6.8
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
CVE-2019-10872 1 Freedesktop 1 Poppler 2019-06-06 6.8
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
CVE-2019-8457 1 Sqlite 1 Sqlite 2019-06-06 7.5
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.