Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41211 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). Otherwise, it assumes that `axis` is a valid index into the dimensions of the `input` tensor. If `axis` is less than `-1` then this results in a heap OOB read. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected. | |||||
| CVE-2021-41205 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2020-16048 | 1 Google | 1 Angle | 2021-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page. | |||||
| CVE-2019-5432 | 1 Mqtt-packet Project | 1 Mqtt-packet | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. | |||||
| CVE-2019-18567 | 1 Hp | 1 Bromium | 2021-11-03 | 3.3 LOW | 6.3 MEDIUM |
| Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. | |||||
| CVE-2021-22563 | 1 Libjxl Project | 1 Libjxl | 2021-11-03 | 3.6 LOW | 4.4 MEDIUM |
| Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757 | |||||
| CVE-2020-29629 | 1 Apple | 1 Macos | 2021-11-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory. | |||||
| CVE-2021-22487 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-22469 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 3.6 LOW | 7.1 HIGH |
| A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. | |||||
| CVE-2021-30879 | 1 Apple | 2 Mac Os X, Macos | 2021-11-01 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
| CVE-2021-30876 | 1 Apple | 2 Mac Os X, Macos | 2021-11-01 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
| CVE-2021-30880 | 1 Apple | 2 Mac Os X, Macos | 2021-11-01 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
| CVE-2021-22464 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 4.6 MEDIUM | 3.3 LOW |
| A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart. | |||||
| CVE-2021-30877 | 1 Apple | 2 Mac Os X, Macos | 2021-11-01 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
| CVE-2021-30865 | 1 Apple | 2 Mac Os X, Macos | 2021-11-01 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-38451 | 1 Auvesy | 1 Versiondog | 2021-10-27 | 3.5 LOW | 5.7 MEDIUM |
| The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data. | |||||
| CVE-2021-36045 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2021-10-26 | 4.3 MEDIUM | 3.3 LOW |
| XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36053 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2021-10-26 | 4.3 MEDIUM | 3.3 LOW |
| XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-0413 | 1 Google | 1 Android | 2021-10-26 | 2.1 LOW | 5.5 MEDIUM |
| In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561379; Issue ID: ALPS05561379. | |||||
| CVE-2021-0412 | 1 Google | 1 Android | 2021-10-26 | 2.1 LOW | 5.5 MEDIUM |
| In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561366; Issue ID: ALPS05561366. | |||||