Total
8242 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16645 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-16579 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | N/A |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244. | ||||
| CVE-2017-16535 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2015-5327 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | ||||
| CVE-2017-16531 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 6.6 Medium |
| drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. | ||||
| CVE-2017-16529 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 6.6 Medium |
| The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-16412 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | ||||
| CVE-2017-16406 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack. | ||||
| CVE-2017-16400 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | ||||
| CVE-2017-16382 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | ||||
| CVE-2017-16374 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | ||||
| CVE-2017-16370 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | ||||
| CVE-2017-16365 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | ||||
| CVE-2017-16363 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | ||||
| CVE-2017-15932 | 1 Radare | 1 Radare2 | 2025-04-20 | N/A |
| In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. | ||||
| CVE-2017-15931 | 1 Radare | 1 Radare2 | 2025-04-20 | N/A |
| In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. | ||||
| CVE-2017-15922 | 1 Gnu | 1 Libextractor | 2025-04-20 | N/A |
| In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. | ||||
| CVE-2017-15722 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2025-04-20 | N/A |
| In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | ||||
| CVE-2017-15318 | 1 Huawei | 10 Rp200, Rp200 Firmware, Te30 and 7 more | 2025-04-20 | N/A |
| RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | ||||
| CVE-2017-15228 | 1 Irssi | 1 Irssi | 2025-04-20 | N/A |
| Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. | ||||