Search
Total
4471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38106 | 1 Corel | 1 Presentations 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | |||||
| CVE-2021-38108 | 1 Corel | 1 Wordperfect 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | |||||
| CVE-2021-38107 | 1 Corel | 1 Coreldraw 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | |||||
| CVE-2021-38109 | 1 Corel | 1 Coreldraw 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | |||||
| CVE-2021-39844 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-10-06 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39858 | 3 Adobe, Apple, Microsoft | 8 Acrobat, Acrobat 2017, Acrobat Dc and 5 more | 2021-10-06 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-29358 | 1 Irfanview | 1 Irfanview | 2021-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file. | |||||
| CVE-2021-39865 | 1 Adobe | 1 Framemaker | 2021-10-04 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40697 | 1 Adobe | 1 Framemaker | 2021-10-04 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39862 | 1 Adobe | 1 Framemaker | 2021-10-04 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-20902 | 1 Ffmpeg | 1 Ffmpeg | 2021-10-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. | |||||
| CVE-2021-0660 | 2 Google, Mediatek | 5 Android, Mt6779, Mt6853 and 2 more | 2021-10-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145. | |||||
| CVE-2021-41581 | 1 Openbsd | 1 Libressl | 2021-09-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination. | |||||
| CVE-2021-27045 | 1 Autodesk | 1 Navisworks | 2021-09-28 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code. | |||||
| CVE-2021-40155 | 1 Autodesk | 1 Navisworks | 2021-09-28 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code. | |||||
| CVE-2020-3960 | 1 Vmware | 3 Fusion, Vsphere Esxi, Workstation | 2021-09-28 | 3.6 LOW | 8.4 HIGH |
| VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory. | |||||
| CVE-2020-21049 | 1 Libsixel Project | 1 Libsixel | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. | |||||
| CVE-2021-37176 | 1 Siemens | 1 Simcenter Femap | 2021-09-23 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260) | |||||
| CVE-2021-25455 | 1 Google | 1 Android | 2021-09-23 | 4.3 MEDIUM | 3.3 LOW |
| OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. | |||||
| CVE-2021-1948 | 1 Qualcomm | 436 Apq8053, Apq8053 Firmware, Apq8064au and 433 more | 2021-09-22 | 7.8 HIGH | 7.5 HIGH |
| Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1941 | 1 Qualcomm | 430 Apq8064au, Apq8064au Firmware, Apq8096au and 427 more | 2021-09-22 | 7.8 HIGH | 7.5 HIGH |
| Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-25454 | 1 Google | 1 Android | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. | |||||
| CVE-2021-25456 | 1 Google | 1 Android | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. | |||||
| CVE-2021-1974 | 1 Qualcomm | 380 Aqt1000, Aqt1000 Firmware, Ar8035 and 377 more | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30733 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory. | |||||
| CVE-2021-30752 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-09-22 | 6.8 MEDIUM | 7.8 HIGH |
| Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2019-20838 | 2 Apple, Pcre | 2 Macos, Pcre | 2021-09-22 | 4.3 MEDIUM | 7.5 HIGH |
| libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | |||||
| CVE-2021-30746 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | |||||
| CVE-2021-36016 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-09-21 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-32950 | 2 Opendesign, Siemens | 3 Drawings Sdk, Jt2go, Teamcenter Visualization | 2021-09-21 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations. | |||||
| CVE-2021-32940 | 2 Opendesign, Siemens | 3 Drawings Sdk, Jt2go, Teamcenter Visualization | 2021-09-21 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. | |||||
| CVE-2021-32938 | 2 Opendesign, Siemens | 3 Drawings Sdk, Jt2go, Teamcenter Visualization | 2021-09-21 | 5.8 MEDIUM | 7.1 HIGH |
| Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory. | |||||
| CVE-2021-33738 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-09-21 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405) | |||||
| CVE-2021-1867 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2021-09-20 | 9.3 HIGH | 8.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-32078 | 1 Linux | 1 Linux Kernel | 2021-09-20 | 6.6 MEDIUM | 7.1 HIGH |
| An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. | |||||
| CVE-2021-30660 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-20 | 7.8 HIGH | 7.5 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory. | |||||
| CVE-2021-22918 | 1 Nodejs | 1 Node.js | 2021-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). | |||||
| CVE-2021-1877 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. | |||||
| CVE-2021-30687 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information. | |||||
| CVE-2021-1881 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2021-1885 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-17 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30695 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | |||||
| CVE-2021-30686 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory. | |||||
| CVE-2021-1846 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2021-30706 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks. | |||||
| CVE-2021-30708 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-1945 | 1 Qualcomm | 412 Apq8053, Apq8053 Firmware, Apq8064au and 409 more | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1852 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-09-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. | |||||
| CVE-2021-1809 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. | |||||
| CVE-2021-1808 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. | |||||