Vulnerabilities > Out-of-bounds Read

DATE CVE VULNERABILITY TITLE RISK
2017-01-06 CVE-2016-2366 Out-of-bounds Read vulnerability in multiple products
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin.
network
high complexity
pidgin canonical debian CWE-125
5.9
2017-01-05 CVE-2016-6891 Out-of-bounds Read vulnerability in Matrixssl
MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate.
network
low complexity
matrixssl CWE-125
7.5
2017-01-04 CVE-2016-9935 Out-of-bounds Read vulnerability in PHP
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
network
low complexity
php CWE-125
critical
9.8
2016-12-28 CVE-2016-9777 Out-of-bounds Read vulnerability in Linux Kernel
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.
local
high complexity
linux CWE-125
7.8
2016-12-23 CVE-2016-9037 Out-of-bounds Read vulnerability in Tarantool 1.7.2
An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715.
network
low complexity
tarantool CWE-125
7.5
2016-12-23 CVE-2016-9036 Out-of-bounds Read vulnerability in Tarantool Msgpuck 1.0.3
An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3.
network
low complexity
tarantool CWE-125
7.5
2016-12-23 CVE-2016-7502 Out-of-bounds Read vulnerability in Ffmpeg
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
local
low complexity
ffmpeg CWE-125
7.8
2016-12-23 CVE-2016-7450 Out-of-bounds Read vulnerability in Ffmpeg
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.
local
low complexity
ffmpeg CWE-125
7.8
2016-12-20 CVE-2016-7291 Out-of-bounds Read vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
local
low complexity
microsoft CWE-125
7.1
2016-12-20 CVE-2016-7290 Out-of-bounds Read vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
local
low complexity
microsoft CWE-125
7.1