5830 matches found

OSV
added 2020/03/24 6:15 p.m. | 2 views

CVE-2019-20540

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 Exynos chipsets software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 November 2019...

CVSS 5.5 | AI score 6 | EPSS 0.00134
Exploits 0 | References 1

OSV
added 2020/03/22 6:15 p.m. | 2 views

DEBIAN-CVE-2020-10811

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5Olayoutdecode located in H5Olayout.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 | AI score 7.3 | EPSS 0.0144
Exploits 1 | References 1

OSV
added 2020/03/22 6:15 p.m. | 2 views

UBUNTU-CVE-2020-10811

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5Olayoutdecode located in H5Olayout.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 | AI score 7.3 | EPSS 0.0144
Exploits 1 | References 5

OSV
added 2020/03/09 12:15 a.m. | 0 views

UBUNTU-CVE-2020-10233

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c...

CVSS 9.1 | AI score 7.5 | EPSS 0.02352
Exploits 1 | References 3

OSV
added 2020/02/27 9:15 p.m. | 3 views

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

CVSS 9.1 | AI score 7.1
Exploits 0 | References 3

OSV
added 2020/02/27 5:15 a.m. | 2 views

DEBIAN-CVE-2017-6363

In the GD Graphics Library aka LibGD through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and...

CVSS 8.1 | AI score 7 | EPSS 0.01267
Exploits 1 | References 1

BDU FSTEC
added 2020/02/27 12:0 a.m. | 5 views

The vulnerability of the lsi_do_msgin function in the QEMU hardware emulation software, related to reading beyond the data buffer, allows a hacker to trigger a service failure.

The vulnerability of the lsi_do_msgin function in hw/scsi/lsi53c895a.c in the QEMU hardware emulation software is related to reading beyond the buffer data boundary. Exploiting this vulnerability can allow an attacker to cause a service failure due to an invalid value of the msglen variable...

CVSS 5.5 | AI score 6.8 | EPSS 0.00566
Exploits 0 | References 8 | Affected Software 5

BDU FSTEC
added 2020/02/27 12:0 a.m. | 2 views

The vulnerability of the Dovecot mail server, related to reading beyond the buffer of memory, allows an attacker to access confidential data and also cause a service failure.

The vulnerability of the Dovecot mail server is related to reading data beyond the buffer limit of memory. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, as well as cause service interruptions through a specially crafted email message...

CVSS 7.5 | AI score 7.1 | EPSS 0.17572
Exploits 0 | References 7 | Affected Software 3

BDU FSTEC
added 2020/02/27 12:0 a.m. | 2 views

The vulnerability of the WriteTIFFImage function in the program for reading and editing ImageMagick graphic files involves accessing confidential data beyond the buffer limit of memory. This allows attackers to gain access to sensitive information and cause system failures.

The vulnerability of the WriteTIFFImage function in the ImageMagick program, which is used for reading and editing graphic files, is related to the absence or incomplete cleaning of input data. Exploiting this vulnerability can allow a malicious actor to compromise data confidentiality, as well a...

CVSS 8.1 | AI score 6.7 | EPSS 0.04092
Exploits 1 | References 10 | Affected Software 3

RedHat Linux
added 2020/02/25 12:14 p.m. | 6 views

curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have...

CVSS 9.1 | AI score 7.5 | EPSS 0.06003
Exploits 0 | References 5

BDU FSTEC
added 2020/02/24 12:0 a.m. | 3 views

The vulnerability of the pnv_lpc_do_eccb function in the hardware/ppc/pnv_lpc.c file of the QEMU hardware emulation software allows a hacker to induce a system failure and gain unauthorized access to the PowerNV memory.

The vulnerability of the pnv_lpc_do_eccb function in the hardware/ppc/pnv_lpc.c file of the QEMU hardware emulator is related to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a system failure and gain unauthorized access to the PowerNV memory...

CVSS 5.5 | AI score 6.8 | EPSS 0.00516
Exploits 0 | References 6 | Affected Software 4

RedHat Linux
added 2020/02/19 7:36 a.m. | 3 views

curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have...

CVSS 9.1 | AI score 7.5 | EPSS 0.06003
Exploits 0 | References 5

RedHat Linux
added 2020/02/19 7:36 a.m. | 3 views

curl: RTSP RTP buffer over-read

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage...

CVSS 9.1 | AI score 7.6 | EPSS 0.09393
Exploits 0 | References 5

BDU FSTEC
added 2020/02/17 12:0 a.m. | 4 views

The vulnerability of the NTLM authentication module in the RDP client FreeRDP allows a hacker to trigger a service failure.

The vulnerability of the NTLM authentication module in the RDP client FreeRDP arises from reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure remotely...

CVSS 7.8 | AI score 6.9 | EPSS 0.05238
Exploits 1 | References 7 | Affected Software 5

OSV
added 2020/02/14 6:15 p.m. | 4 views

CVE-2020-8852

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS 3.3 | AI score 5 | EPSS 0.04074
Exploits 0 | References 2

BDU FSTEC
added 2020/02/11 12:0 a.m. | 3 views

The vulnerability of the vrend_blit_need_swizzle function (vrend_renderer.c) in the virglrenderer library, which allows a hacker to trigger a service failure.

The vulnerability of the vrend_blit_need_swizzle function in the virglrenderer library is related to reading beyond the buffer boundary in dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure using the VIRGL_CCMD_BLIT command...

CVSS 7.1 | AI score 6.5 | EPSS 0.00348
Exploits 0 | References 10 | Affected Software 11

OSV
added 2020/01/27 3:15 p.m. | 1 views

DEBIAN-CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable...

CVSS 9.1 | AI score 7 | EPSS 0.01739
Exploits 0 | References 1

BDU FSTEC
added 2020/01/27 12:0 a.m. | 4 views

Vulnerability of functions f2fs_build_segment_manager and init_min_max_mtime in Linux kernel, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information

The vulnerability of the f2fs_build_segment_manager function in the Linux kernel’s fs/f2fs/segment.c file, as well as the init_min_max_mtime function in the same file, relates to reading beyond the buffer boundaries. Exploiting this vulnerability could allow a remote attacker to compromise the...

CVSS 7.8 | AI score 7 | EPSS 0.02014
Exploits 1 | References 15 | Affected Software 3

Positive Technologies
added 2020/01/16 12:0 a.m. | 8 views

PT-2020-2006 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.26 PHP versions 7.3.x through 7.3.13 PHP versions 7.4.x through 7.4.1 Description: The issue is related to the fgetss function in PHP, which can be exploited to read past the allocated buffer when used to read...

CVSS 9.8 | AI score 6.8 | EPSS 0.9947
Exploits 102 | References 436

BDU FSTEC
added 2020/01/15 12:0 a.m. | 4 views

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2017/Adobe Acrobat Reader 2017 involve reading beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow an attacker to...

CVSS 7.5 | AI score 7.4 | EPSS 0.02893
Exploits 0 | References 3