The vulnerability of Adobe InDesign’s computer design automation tool, related to reading data outside the buffer in memory, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of the read_descriptors() function in the drivers/usb/core/sysfs.c file of the Linux kernel’s USB driver allows a attacker to cause a service failure.

The vulnerability of the readdescriptors function in the drivers/usb/core/sysfs.c file of the Linux kernel’s USB driver is related to reading a reserved buffer from outside the system. Exploiting this vulnerability could allow an attacker to cause a service failure...

Out-of-bounds

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted GET request...

CVE-2023-36356

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted GET request...

PT-2023-25288 · Ashlar Vellum · Ashlar-Vellum Cobalt

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt affected versions not specified Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required, as the target must visit a...

Out-of-bounds

Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uipbuf. In particular, there is...

CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...

Samba SMB1 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samba. Authentication is required to exploit this vulnerability, and SMB1 must be enabled on the target. The specific flaw exists within the Samba service, which listens on TCP port 139 by...

CVE-2023-25668 TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick...

PT-2023-1815 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as...

PT-2023-5364 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0006 Description: The issue is related to an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code...

K2104: Buffer read overflow in DNS resolver libraries - CAN-2002-1146

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

SUSE CVE-2017-7813

Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This...

SUSE CVE-2018-16890

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages lib/vauth/ntlm.c:ntlmdecodetype2target does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that...

SUSE CVE-2020-10378

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond state-buffer...

PT-2023-5351 · Libtiff +8 · Libtiff +8

Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.4.0 Description: The issue is related to an out-of-bounds read in the tiffcrop function in tools/tiffcrop.c at line 3400, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. The...

CVE-2022-42385

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2022-46143

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data...

OP-TEE Trusted OS 输入验证错误漏洞

OP-TEE Trusted OS is OP-TEE open source an open source trusted execution environment TEE that implements Arm TrustZone technology. A buffer overflow vulnerability exists in OP-TEE Trusted OS versions prior to 3.19.0, which stems from an unvalidated "numparams" parameter that can be exploited to...

Adobe Acrobat 缓冲区错误漏洞

Adobe Acrobat is a suite of PDF file editing and conversion tools from the American company Audobee Adobe. A buffer error vulnerability exists in Adobe Acrobat DC versions prior to 22.003.20258 and Acrobat 2020 20.005.30407, which originates from an out-of-bounds read and could lead to a memory...