Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21049 | 1 Libsixel Project | 1 Libsixel | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. | |||||
| CVE-2021-37176 | 1 Siemens | 1 Simcenter Femap | 2021-09-23 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260) | |||||
| CVE-2021-25455 | 1 Google | 1 Android | 2021-09-23 | 4.3 MEDIUM | 3.3 LOW |
| OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. | |||||
| CVE-2021-1948 | 1 Qualcomm | 436 Apq8053, Apq8053 Firmware, Apq8064au and 433 more | 2021-09-22 | 7.8 HIGH | 7.5 HIGH |
| Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1941 | 1 Qualcomm | 430 Apq8064au, Apq8064au Firmware, Apq8096au and 427 more | 2021-09-22 | 7.8 HIGH | 7.5 HIGH |
| Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-25454 | 1 Google | 1 Android | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. | |||||
| CVE-2021-25456 | 1 Google | 1 Android | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. | |||||
| CVE-2021-1974 | 1 Qualcomm | 380 Aqt1000, Aqt1000 Firmware, Ar8035 and 377 more | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2019-20838 | 2 Apple, Pcre | 2 Macos, Pcre | 2021-09-22 | 4.3 MEDIUM | 7.5 HIGH |
| libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | |||||
| CVE-2021-36016 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-09-21 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-29473 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2021-09-21 | 2.6 LOW | 2.5 LOW |
| Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security. | |||||
| CVE-2021-37618 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2021-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5. | |||||
| CVE-2021-37619 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2021-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5. | |||||
| CVE-2021-33738 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-09-21 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405) | |||||
| CVE-2021-1867 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2021-09-20 | 9.3 HIGH | 8.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-32078 | 1 Linux | 1 Linux Kernel | 2021-09-20 | 6.6 MEDIUM | 7.1 HIGH |
| An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. | |||||
| CVE-2021-30660 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-20 | 7.8 HIGH | 7.5 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory. | |||||
| CVE-2021-1877 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. | |||||
| CVE-2021-30687 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information. | |||||
| CVE-2021-1881 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||