Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0525 | 1 Mruby | 1 Mruby | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Out-of-bounds Read in Homebrew mruby prior to 3.2.
|
|||||
| CVE-2022-0497 | 1 Openscad | 1 Openscad | 2024-11-21 | N/A | 7.1 HIGH |
|
A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.
|
|||||
| CVE-2022-0496 | 1 Openscad | 1 Openscad | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().
|
|||||
| CVE-2022-0400 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
|
An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.
|
|||||
| CVE-2022-0393 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0368 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0319 | 4 Apple, Canonical, Debian and 1 more | 4 Macos, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Out-of-bounds Read in vim/vim prior to 8.2.
|
|||||
| CVE-2022-0284 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A | 7.1 HIGH |
|
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
|
|||||
| CVE-2022-0173 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
radare2 is vulnerable to Out-of-bounds Read
|
|||||
| CVE-2022-0128 | 2 Apple, Vim | 3 Mac Os X, Macos, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
vim is vulnerable to Out-of-bounds Read
|
|||||
| CVE-2022-0114 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.
|
|||||
| CVE-2021-4193 | 4 Apple, Debian, Fedoraproject and 1 more | 5 Mac Os X, Macos, Debian Linux and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
vim is vulnerable to Out-of-bounds Read
|
|||||
| CVE-2021-4183 | 3 Fedoraproject, Oracle, Wireshark | 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
|
|||||
| CVE-2021-4166 | 7 Apple, Debian, Fedoraproject and 4 more | 8 Mac Os X, Macos, Debian Linux and 5 more | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
vim is vulnerable to Out-of-bounds Read
|
|||||
| CVE-2021-4100 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2021-4093 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.
|
|||||
| CVE-2021-4048 | 5 Fedoraproject, Julialang, Lapack Project and 2 more | 8 Fedora, Julia, Lapack and 5 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
|
|||||
| CVE-2021-47620 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: refactor malicious adv data check
Check for out-of-bound read was being performed at the end of while
num_reports loop, and would fill journal with false positives. Added
check to beginning of loop processing so that it doesn't get checked
after ptr has been advanced.
|
|||||
| CVE-2021-47604 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
vduse: check that offset is within bounds in get_config()
This condition checks "len" but it does not check "offset" and that
could result in an out of bounds read if "offset > dev->config_size".
The problem is that since both variables are unsigned the
"dev->config_size - offset" subtraction would result in a very high
unsigned value.
I think these checks might not be necessary because "len" and "offset"
are supposed to alre ...
Show More |
|||||
| CVE-2021-46954 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets
when 'act_mirred' tries to fragment IPv4 packets that had been previously
re-assembled using 'act_ct', splats like the following can be observed on
kernels built with KASAN:
BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60
Read of size 1 at addr ffff888147009574 by task ping/947
CPU: 0 PID: 947 Comm: ping Not tainted 5.12.0-rc6+ #418
Ha ...
Show More |
|||||
| CVE-2021-46952 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
Fix shift out-of-bounds in xprt_calc_majortimeo(). This is caused
by a garbage timeout (retrans) mount option being passed to nfs mount,
in this case from syzkaller.
If the protocol is XPRT_TRANSPORT_UDP, then 'retrans' is a shift
value for a 64-bit long integer, so 'retrans' cannot be >= 64.
If it is >= 64, fail the mount and return an error.
|
|||||
| CVE-2021-46814 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
|
|||||
| CVE-2021-46671 | 2 Atftp Project, Debian | 2 Atftp, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
|
|||||
| CVE-2021-46654 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjun ...
Show More |
|||||
| CVE-2021-46651 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverag ...
Show More |
|||||
| CVE-2021-46650 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverag ...
Show More |
|||||
| CVE-2021-46649 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverag ...
Show More |
|||||
| CVE-2021-46642 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjun ...
Show More |
|||||
| CVE-2021-46641 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN file. Crafted data in a DNG file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZD ...
Show More |
|||||
| CVE-2021-46637 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverag ...
Show More |
|||||
| CVE-2021-46636 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the curren ...
Show More |
|||||
| CVE-2021-46632 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conju ...
Show More |
|||||
| CVE-2021-46630 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjun ...
Show More |
|||||
| CVE-2021-46629 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conju ...
Show More |
|||||
| CVE-2021-46628 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conju ...
Show More |
|||||
| CVE-2021-46626 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ...
Show More |
|||||
| CVE-2021-46624 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjun ...
Show More |
|||||
| CVE-2021-46623 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjun ...
Show More |
|||||
| CVE-2021-46622 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the curr ...
Show More |
|||||
| CVE-2021-46620 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverag ...
Show More |
|||||