Search
Total
1936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34985 | 1 Bentley | 1 Contextcapture Viewer | 2022-01-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14785. | |||||
| CVE-2021-34984 | 1 Bentley | 1 Contextcapture Viewer | 2022-01-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14784. | |||||
| CVE-2021-37114 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-44012 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-01-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102) | |||||
| CVE-2021-44011 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-01-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101) | |||||
| CVE-2021-44017 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-01-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111) | |||||
| CVE-2021-44015 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-01-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109) | |||||
| CVE-2020-28241 | 3 Debian, Fedoraproject, Maxmind | 3 Debian Linux, Fedora, Libmaxminddb | 2022-01-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | |||||
| CVE-2021-30973 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2022-01-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted file may disclose user information. | |||||
| CVE-2020-0008 | 1 Google | 1 Android | 2022-01-01 | 1.9 LOW | 4.7 MEDIUM |
| In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228 | |||||
| CVE-2020-0744 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. | |||||
| CVE-2019-15142 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2021-12-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. | |||||
| CVE-2019-15145 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2021-12-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. | |||||
| CVE-2019-15531 | 1 Gnu | 1 Libextractor | 2021-12-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | |||||
| CVE-2021-42374 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2021-12-23 | 3.3 LOW | 5.3 MEDIUM |
| An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | |||||
| CVE-2021-30836 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2021-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory. | |||||
| CVE-2021-39657 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel | |||||
| CVE-2021-0650 | 1 Google | 1 Android | 2021-12-20 | 7.1 HIGH | 6.5 MEDIUM |
| In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-190286685 | |||||
| CVE-2021-39637 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193579873References: N/A | |||||
| CVE-2021-1041 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 5.5 MEDIUM |
| In (TBD) of (TBD), there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182950799References: N/A | |||||
| CVE-2021-1046 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195609074References: N/A | |||||
| CVE-2021-1007 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_process_event of btu_hcif.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-167759047 | |||||
| CVE-2021-0996 | 1 Google | 1 Android | 2021-12-17 | 2.7 LOW | 4.5 MEDIUM |
| In nfaHciCallback of HciEventManager.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-181346545 | |||||
| CVE-2021-0998 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 5.5 MEDIUM |
| In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193442575 | |||||
| CVE-2021-0976 | 1 Google | 1 Android | 2021-12-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600 | |||||
| CVE-2021-44479 | 1 Nxp | 2 Kinetis K82, Kinetis K82 Firmware | 2021-12-16 | 2.1 LOW | 5.5 MEDIUM |
| NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. | |||||
| CVE-2021-44004 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-12-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. | |||||
| CVE-2021-44009 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-12-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. | |||||
| CVE-2021-44008 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-12-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. | |||||
| CVE-2021-44010 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-12-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. | |||||
| CVE-2020-14402 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2021-12-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | |||||
| CVE-2020-14403 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2021-12-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | |||||
| CVE-2020-14404 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2021-12-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | |||||
| CVE-2020-25713 | 2 Fedoraproject, Librdf | 2 Fedora, Raptor Rdf Syntax Library | 2021-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. | |||||
| CVE-2017-7697 | 1 Libsamplerate Project | 1 Libsamplerate | 2021-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. | |||||
| CVE-2019-9074 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2021-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. | |||||
| CVE-2021-39218 | 2 Bytecodealliance, Fedoraproject | 2 Wasmtime, Fedora | 2021-12-10 | 3.3 LOW | 6.3 MEDIUM |
| Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`. | |||||
| CVE-2021-20221 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2021-12-10 | 2.1 LOW | 6.0 MEDIUM |
| An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | |||||
| CVE-2021-3477 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2021-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. | |||||
| CVE-2019-8906 | 4 Apple, Canonical, File Project and 1 more | 7 Iphone Os, Mac Os X, Tvos and 4 more | 2021-12-09 | 3.6 LOW | 4.4 MEDIUM |
| do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | |||||
| CVE-2019-8905 | 4 Canonical, Debian, File Project and 1 more | 4 Ubuntu Linux, Debian Linux, File and 1 more | 2021-12-09 | 3.6 LOW | 4.4 MEDIUM |
| do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | |||||
| CVE-2020-27824 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2021-12-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-40154 | 1 Nxp | 6 Lpc55s69jbd100, Lpc55s69jbd100 Firmware, Lpc55s69jbd64 and 3 more | 2021-12-06 | 2.1 LOW | 5.5 MEDIUM |
| NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. | |||||
| CVE-2021-30910 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-12-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted file may disclose user information. | |||||
| CVE-2020-6345 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-3522 | 3 Gstreamer Project, Netapp, Oracle | 12 Gstreamer, Active Iq Unified Manager, E-series Santricity Os Controller and 9 more | 2021-12-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | |||||
| CVE-2020-6341 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6330 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6322 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2019-19479 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2021-11-30 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. | |||||