Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31431 | 1 Parallels | 1 Parallels Desktop | 2021-05-06 | 2.1 LOW | 6.0 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13189. | |||||
| CVE-2021-31430 | 1 Parallels | 1 Parallels Desktop | 2021-05-06 | 2.1 LOW | 6.0 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13188. | |||||
| CVE-2021-22663 | 2 Hornerautomation, Siemens | 2 Cscape, Cscape | 2021-05-03 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2019-10574 | 1 Qualcomm | 102 Apq8009, Apq8009 Firmware, Apq8016 and 99 more | 2021-04-30 | 3.6 LOW | 7.1 HIGH |
| Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 | |||||
| CVE-2016-7799 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2019-10714 | 1 Imagemagick | 1 Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. | |||||
| CVE-2017-17504 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | |||||
| CVE-2017-13769 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | |||||
| CVE-2016-7101 | 1 Imagemagick | 1 Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | |||||
| CVE-2016-5842 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2021-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | |||||
| CVE-2021-27244 | 1 Parallels | 1 Parallels Desktop | 2021-04-27 | 2.1 LOW | 6.5 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11925. | |||||
| CVE-2016-3178 | 1 Miniupnp Project | 1 Minissdpd | 2021-04-23 | 2.1 LOW | 5.5 MEDIUM |
| The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. | |||||
| CVE-2021-27260 | 1 Parallels | 1 Parallels Desktop | 2021-04-23 | 2.1 LOW | 3.2 LOW |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12068. | |||||
| CVE-2021-30139 | 1 Alpinelinux | 1 Apk-tools | 2021-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash. | |||||
| CVE-2021-27247 | 1 Tencent | 1 Wechat | 2021-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-11907. | |||||
| CVE-2021-0471 | 1 Google | 1 Android | 2021-04-19 | 2.1 LOW | 5.5 MEDIUM |
| In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444786 | |||||
| CVE-2021-0431 | 1 Google | 1 Android | 2021-04-16 | 5.0 MEDIUM | 7.5 HIGH |
| In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901 | |||||
| CVE-2021-3328 | 1 Aprelium | 1 Abyss Web Server X1 | 2021-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application. | |||||
| CVE-2021-1753 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2021-04-13 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2016-6520 | 1 Imagemagick | 1 Imagemagick | 2021-04-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | |||||