Vulnerabilities > Out-of-bounds Read

DATE CVE VULNERABILITY TITLE RISK
2016-08-07 CVE-2016-5114 Out-of-bounds Read vulnerability in PHP
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.
network
low complexity
php CWE-125
critical
9.1
2016-08-07 CVE-2016-5093 Out-of-bounds Read vulnerability in PHP
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.
network
low complexity
php CWE-125
8.6
2016-08-07 CVE-2013-7456 Out-of-bounds Read vulnerability in Libgd 2.1.0
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.
network
low complexity
libgd CWE-125
7.6
2016-08-06 CVE-2016-3855 Out-of-bounds Read vulnerability in Google Android
drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824.
local
low complexity
google CWE-125
7.8
2016-08-06 CVE-2016-3854 Out-of-bounds Read vulnerability in Google Android
drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326.
local
low complexity
google CWE-125
7.8
2016-08-01 CVE-2016-2180 Out-of-bounds Read vulnerability in multiple products
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
network
low complexity
openssl oracle CWE-125
7.5
2016-07-25 CVE-2016-6294 Out-of-bounds Read vulnerability in PHP
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.
network
low complexity
php CWE-125
critical
9.8
2016-07-22 CVE-2016-4652 Out-of-bounds Read vulnerability in Apple mac OS X
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
local
high complexity
apple CWE-125
6.3
2016-07-22 CVE-2016-4628 Out-of-bounds Read vulnerability in Apple Iphone OS
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
local
low complexity
apple CWE-125
5.5
2016-06-09 CVE-2016-4523 Out-of-bounds Read vulnerability in Trihedral Vtscada
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
network
low complexity
trihedral CWE-125
7.5