| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-5522 |
1 Vmware |
1 Tools |
2019-06-13 |
3.6 |
| VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with... |
| CVE-2019-12790 |
1 Radare |
1 Radare2 |
2019-06-11 |
6.8 |
| In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because... |
| CVE-2018-20102 |
3 Haproxy, Canonical, Redhat |
3 Haproxy, Ubuntu Linux, Openshift Container Platform |
2019-06-11 |
5.0 |
| An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the... |
| CVE-2019-2101 |
1 Google |
1 Android |
2019-06-11 |
4.9 |
| In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed... |
| CVE-2019-7150 |
2 Elfutils Project, Debian |
2 Elfutils, Debian Linux |
2019-06-10 |
4.3 |
| An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted... |
| CVE-2019-7149 |
2 Elfutils Project, Debian |
2 Elfutils, Debian Linux |
2019-06-10 |
4.3 |
| A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. |
| CVE-2019-3832 |
1 Libsndfile Project |
1 Libsndfile |
2019-06-10 |
1.9 |
| It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. |
| CVE-2018-7845 |
1 Schneider-electric |
4 Modicon M340 Firmware, Modicon M580 Firmware, Modicon Premium Firmware and 1 more |
2019-06-10 |
5.0 |
| A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks... |
| CVE-2018-19758 |
2 Libsndfile Project, Debian |
2 Libsndfile, Debian Linux |
2019-06-10 |
4.3 |
| There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. |
| CVE-2017-17457 |
2 Libsndfile Project, Debian |
2 Libsndfile, Debian Linux |
2019-06-10 |
4.3 |
| The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246. |
| CVE-2017-17456 |
2 Libsndfile Project, Debian |
2 Libsndfile, Debian Linux |
2019-06-10 |
4.3 |
| The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245. |
| CVE-2017-14246 |
2 Libsndfile Project, Debian |
2 Libsndfile, Debian Linux |
2019-06-10 |
5.8 |
| An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. |
| CVE-2017-14245 |
2 Libsndfile Project, Debian |
2 Libsndfile, Debian Linux |
2019-06-10 |
5.8 |
| An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. |
| CVE-2019-5798 |
2 Google, Debian |
2 Chrome, Debian Linux |
2019-06-10 |
4.3 |
| Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
| CVE-2019-3957 |
1 Dameware |
1 Remote Mini Control |
2019-06-09 |
5.8 |
| Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. |
| CVE-2019-3956 |
1 Dameware |
1 Remote Mini Control |
2019-06-09 |
5.8 |
| Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information. |
| CVE-2019-12360 |
1 Glyphandcog |
1 Xpdfreader |
2019-06-06 |
5.8 |
| A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to... |
| CVE-2019-12293 |
1 Freedesktop |
1 Poppler |
2019-06-06 |
6.8 |
| In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. |
| CVE-2019-10872 |
1 Freedesktop |
1 Poppler |
2019-06-06 |
6.8 |
| An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. |
| CVE-2019-8457 |
1 Sqlite |
1 Sqlite |
2019-06-06 |
7.5 |
| SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. |
