Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37203 | 1 Siemens | 2 Nx 1980, Solid Edge | 2021-11-18 | 5.8 MEDIUM | 7.1 HIGH |
| A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. | |||||
| CVE-2020-12904 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-18 | 2.1 LOW | 5.5 MEDIUM |
| Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. | |||||
| CVE-2020-12905 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-18 | 2.1 LOW | 5.5 MEDIUM |
| Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. | |||||
| CVE-2021-43278 | 1 Opendesign | 1 Drawings Software Developemnt Kit | 2021-11-17 | 6.8 MEDIUM | 7.8 HIGH |
| An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-43277 | 1 Opendesign | 1 Oda Prc Software Development Kit | 2021-11-17 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. | |||||
| CVE-2021-43276 | 1 Opendesign | 1 Oda Viewer | 2021-11-17 | 6.8 MEDIUM | 7.8 HIGH |
| An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process | |||||
| CVE-2021-1981 | 1 Qualcomm | 180 Apq8017, Apq8017 Firmware, Ar8035 and 177 more | 2021-11-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-41227 | 1 Google | 1 Tensorflow | 2021-11-10 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2020-9272 | 3 Opensuse, Proftpd, Siemens | 7 Backports Sle, Leap, Proftpd and 4 more | 2021-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | |||||
| CVE-2021-41219 | 1 Google | 1 Tensorflow | 2021-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41210 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41223 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41224 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41212 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41226 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41211 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). Otherwise, it assumes that `axis` is a valid index into the dimensions of the `input` tensor. If `axis` is less than `-1` then this results in a heap OOB read. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected. | |||||
| CVE-2021-41205 | 1 Google | 1 Tensorflow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2020-16048 | 1 Google | 1 Angle | 2021-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page. | |||||
| CVE-2019-5432 | 1 Mqtt-packet Project | 1 Mqtt-packet | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. | |||||
| CVE-2019-18567 | 1 Hp | 1 Bromium | 2021-11-03 | 3.3 LOW | 6.3 MEDIUM |
| Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. | |||||