Medium
CVE-2020-24348
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
Tag: Out-of-Bounds Read
All CVEs associated with "Out-of-Bounds Read". Page 34/49 • 5854 CVEs.
Subscribe CVEs: RSS for “Out-of-Bounds Read” · RSS (High+Critical only)
About “Out-of-Bounds Read”
A curated feed of “Out-of-Bounds Read”-related CVEs appears below. We currently track 5854 CVEs for this tag (all time). In the last 365 days, 976 were published. Average CVSS is 6.5 (all time; 6.4 over 365d), and 43% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-125 - Out-of-bounds Read, CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 - Heap-based Buffer Overflow.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2020-08-13
Medium
CVE-2020-24347
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
Medium
CVE-2020-8682
Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.
Medium
CVE-2020-0553
Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access.
High
CVE-2020-0510
Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.
2020-08-12
High
CVE-2020-17360
An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/writ…
High
CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
2020-08-11
Critical
CVE-2020-0260
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183
High
CVE-2020-0254
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751
High
CVE-2020-0251
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626
2020-08-07
High
CVE-2020-16219
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an at…
2020-08-06
Medium
CVE-2020-16211
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read…
2020-08-04
Low
CVE-2020-16201
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may all…
2020-07-30
High
CVE-2020-3700
Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdrag…
High
CVE-2019-14101
Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon C…
2020-07-22
Medium
CVE-2020-9686
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
High
CVE-2020-9683
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
Medium
CVE-2020-9679
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
High
CVE-2020-9677
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
High
CVE-2020-9675
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
2020-07-21
High
CVE-2020-15890
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.
2020-07-17
Medium
CVE-2020-9649
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
2020-07-09
Medium
CVE-2020-10756
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo reques…
Medium
CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78.
Medium
CVE-2020-12418
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, an…
2020-07-07
Medium
CVE-2020-15584
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles…
2020-07-01
High
CVE-2020-12498
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote…
2020-06-26
High
CVE-2020-9628
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
High
CVE-2020-9627
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
High
CVE-2020-9625
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Low
CVE-2020-9558
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Medium
CVE-2020-9557
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Low
CVE-2020-9553
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Medium
CVE-2020-3809
Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
Medium
CVE-2020-9629
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Low
CVE-2020-9626
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Medium
CVE-2020-9624
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
High
CVE-2020-9623
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Medium
CVE-2020-9622
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Medium
CVE-2020-9617
Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Medium
CVE-2020-9616
Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
2020-06-25
High
CVE-2020-9661
Adobe After Effects versions 17.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .
High
CVE-2020-9655
Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .
High
CVE-2020-9652
Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .
Medium
CVE-2020-9618
Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Medium
CVE-2020-9609
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successf…
Medium
CVE-2020-9608
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successf…
Medium
CVE-2020-9603
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successf…
Medium
CVE-2020-9602
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successf…
High
CVE-2020-9601
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successf…
High
CVE-2020-9600
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successf…
High
CVE-2020-9599
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successf…
Medium
CVE-2020-9666
Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
High
CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
Medium
CVE-2020-10994
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
Medium
CVE-2020-10378
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Medium
CVE-2020-10177
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
Low
CVE-2020-3970
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an ou…
Medium
CVE-2020-5965
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, l…
2020-06-24
Medium
CVE-2020-12864
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the prog…
Medium
CVE-2020-12863
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the prog…
Medium
CVE-2020-12862
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the prog…
2020-06-22
Low
CVE-2020-4033
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.
Low
CVE-2020-4030
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
Low
CVE-2020-11099
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This…
Low
CVE-2020-11097
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is…
2020-06-17
Medium
CVE-2020-14404
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
Medium
CVE-2020-14403
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
Medium
CVE-2020-14402
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
Medium
CVE-2020-11914
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.
Medium
CVE-2020-11913
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
Medium
CVE-2020-11912
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.
Medium
CVE-2020-11910
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.
Medium
CVE-2020-11905
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.
Medium
CVE-2020-11903
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.
High
CVE-2020-11902
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.
Medium
CVE-2020-11899
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
2020-06-15
High
CVE-2020-14148
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
Medium
CVE-2020-8674
Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable informa…
High
CVE-2020-0597
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
Critical
CVE-2020-0594
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of pri…
2020-06-11
High
CVE-2020-0214
In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution…
Medium
CVE-2020-0212
In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileg…
Medium
CVE-2020-0211
In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution p…
Medium
CVE-2020-0207
In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed.…
Medium
CVE-2020-0205
In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server wit…
Medium
CVE-2020-0200
In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional…
Medium
CVE-2020-0197
In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution…
Medium
CVE-2020-0193
In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclo…
Medium
CVE-2020-0192
In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additi…
Medium
CVE-2020-0191
In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution p…
Medium
CVE-2020-0185
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privil…
Medium
CVE-2020-0182
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges…
Medium
CVE-2020-0180
In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privil…
High
CVE-2020-0176
In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges n…
Medium
CVE-2020-0167
In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User i…
Medium
CVE-2020-0164
In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System executi…
Medium
CVE-2020-0159
In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. Us…
Medium
CVE-2020-0158
In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges…
Medium
CVE-2020-0157
In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with S…
Medium
CVE-2020-0156
In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User inter…
Medium
CVE-2020-0154
In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with Syst…
Medium
CVE-2020-0152
In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privilege…
Medium
CVE-2020-0151
In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileg…
Medium
CVE-2020-0149
In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with…
Medium
CVE-2020-0148
In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This coul…
Medium
CVE-2020-0147
In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmwa…
Medium
CVE-2020-0146
In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware wi…
Medium
CVE-2020-0145
In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with S…
Medium
CVE-2020-0144
In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System…
Medium
CVE-2020-0143
In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised d…
Medium
CVE-2020-0139
In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malformed NFC tag is provided by the firmw…
Medium
CVE-2020-0132
In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional executio…
High
CVE-2020-0128
In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required…
Medium
CVE-2020-0127
In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additiona…
2020-06-10
Medium
CVE-2020-0113
In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges…
2020-06-09
High
CVE-2020-9847
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.
Critical
CVE-2020-9838
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution.
High
CVE-2020-9837
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.
Medium
CVE-2020-9832
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.