| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path |
| A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here> |
| An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 822 comment ending with a backslash. When parsing the message, the server would read past the message's end in memory, and read into the heap, returning the read content to the user. |
| Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally. |
| Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally. |
| A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request. |
| TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken() incremented past a trailing backslash in a SQL string literal such as 'abc\ and read one byte beyond the null terminator, allowing an authenticated user who can submit SQL queries to crash the server and possibly leak adjacent memory. This issue is fixed in version 3.4.1.14. |
| Buffer over-read in Windows Overlay Filter allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally. |
| Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocket_mask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided buffer when reached through Tornado XSRF token decoding with the native extension active. This issue is fixed in version 6.5.6. |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network. |
| A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure. |
| Buffer over-read in Windows Redirected Drive Buffering allows an authorized attacker to elevate privileges locally. |
| Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network. |
| Buffer over-read in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. |
| Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. |
| Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
| An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.
`django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the `vsi_buffer` property is accessed.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Bence Nagy for reporting this issue. |