Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3444 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2021-12-02 | 4.6 MEDIUM | 7.8 HIGH |
| The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. | |||||
| CVE-2020-6341 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6330 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6322 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-25291 | 1 Python | 1 Pillow | 2021-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | |||||
| CVE-2021-25293 | 1 Python | 1 Pillow | 2021-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | |||||
| CVE-2018-10392 | 3 Debian, Redhat, Xiph.org | 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-12598 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. | |||||
| CVE-2017-12599 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread. | |||||
| CVE-2018-10393 | 3 Debian, Redhat, Xiph.org | 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more | 2021-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. | |||||
| CVE-2018-9988 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2021-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | |||||
| CVE-2021-43273 | 1 Opendesign | 1 Drawings Sdk | 2021-11-30 | 4.3 MEDIUM | 3.3 LOW |
| An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-39995 | 1 Huawei | 4 Ecns280 Td, Ecns280 Td Firmware, Ese620x Vess and 1 more | 2021-11-30 | 6.8 MEDIUM | 6.5 MEDIUM |
| Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. | |||||
| CVE-2019-7665 | 5 Canonical, Debian, Elfutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Elfutils and 8 more | 2021-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. | |||||
| CVE-2019-7150 | 5 Canonical, Debian, Elfutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Elfutils and 8 more | 2021-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. | |||||
| CVE-2020-36330 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2018-9989 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2021-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | |||||
| CVE-2020-0034 | 2 Debian, Google | 2 Debian Linux, Android | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 | |||||
| CVE-2021-37007 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-37016 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 8.5 HIGH | 9.1 CRITICAL |
| There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. | |||||