Total: 6546 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22607 | 1 Apple | 1 Xcode | 2022-03-23 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-22606 | 1 Apple | 1 Xcode | 2022-03-23 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-22608 | 1 Apple | 1 Xcode | 2022-03-23 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-39717 | 1 Google | 1 Android | 2022-03-23 | 2.1 LOW | 4.4 MEDIUM |
| In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-198653629. References: N/A | |||||
| CVE-2021-39722 | 1 Google | 1 Android | 2022-03-22 | 2.1 LOW | 4.4 MEDIUM |
| In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204585345. References: N/A | |||||
| CVE-2021-39724 | 1 Google | 1 Android | 2022-03-22 | 2.1 LOW | 4.4 MEDIUM |
| In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205753190. References: N/A | |||||
| CVE-2021-42720 | 1 Adobe | 1 Bridge | 2022-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42722 | 1 Adobe | 1 Bridge | 2022-03-22 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40766 | 3 Adobe, Apple, Microsoft | 3 Character Animator, Macos, Windows | 2022-03-22 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-24090 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-03-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-25819 | 2 Google, Samsung | 2 Android, Exynos | 2022-03-16 | 2.1 LOW | 5.5 MEDIUM |
| OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view Kernel stack memory. | |||||
| CVE-2022-25821 | 2 Google, Samsung | 2 Android, Exynos | 2022-03-16 | 3.6 LOW | 7.1 HIGH |
| Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. | |||||
| CVE-2022-21219 | 1 Omron | 1 Cx-programmer | 2022-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier, which is a part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. | |||||
| CVE-2021-40050 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-14 | 10.0 HIGH | 9.8 CRITICAL |
| There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow. | |||||
| CVE-2021-32492 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2022-03-09 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | |||||
| CVE-2019-18307 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18306 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-0717 | 1 Mruby | 1 Mruby | 2022-03-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. | |||||
| CVE-2017-9055 | 1 Libdwarf Project | 1 Libdwarf | 2022-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. | |||||
| CVE-2016-9276 | 1 Libdwarf Project | 1 Libdwarf | 2022-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | |||||
