Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1899 | 1 Qualcomm | 82 Apq8009w, Apq8009w Firmware, Aqt1000 and 79 more | 2021-07-15 | 2.1 LOW | 4.6 MEDIUM |
| Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2021-1901 | 1 Qualcomm | 84 Apq8009, Apq8009 Firmware, Apq8053 and 81 more | 2021-07-15 | 2.1 LOW | 4.6 MEDIUM |
| Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-27381 | 1 Siemens | 1 Solid Edge | 2021-07-15 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534) | |||||
| CVE-2019-25049 | 2 Linux, Openbsd | 2 Linux Kernel, Libressl | 2021-07-08 | 5.8 MEDIUM | 7.1 HIGH |
| LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). | |||||
| CVE-2019-25048 | 2 Linux, Openbsd | 2 Linux Kernel, Libressl | 2021-07-08 | 5.8 MEDIUM | 7.1 HIGH |
| LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). | |||||
| CVE-2021-27412 | 1 Deltaww | 1 Dopsoft | 2021-07-07 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-27455 | 1 Deltaww | 1 Dopsoft | 2021-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. | |||||
| CVE-2020-36386 | 1 Linux | 1 Linux Kernel | 2021-07-06 | 5.6 MEDIUM | 7.1 HIGH |
| An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | |||||
| CVE-2021-28576 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28575 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28574 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-07-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-32990 | 1 Fatek | 1 Winproladder | 2021-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-28573 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-22354 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
| CVE-2021-28587 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-07-02 | 4.3 MEDIUM | 3.3 LOW |
| After Effects versions 18.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-31510 | 1 Opentext | 1 Brava\! Desktop | 2021-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13675. | |||||
| CVE-2021-31512 | 1 Opentext | 1 Brava\! Desktop | 2021-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13677. | |||||
| CVE-2021-31515 | 1 Vector35 | 1 Binary Ninja | 2021-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13668. | |||||
| CVE-2021-29964 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2021-06-30 | 5.8 MEDIUM | 7.1 HIGH |
| A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | |||||
| CVE-2021-31506 | 1 Opentext | 1 Brava\! Desktop | 2021-06-30 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13674. | |||||