Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22809 | 1 Schneider-electric | 1 Guicon | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior
|
|||||
| CVE-2021-22790 | 1 Schneider-electric | 49 Modicon M340 Bmxp341000, Modicon M340 Bmxp342010, Modicon M340 Bmxp342020 and 46 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, incl ...
Show More |
|||||
| CVE-2021-22757 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition.
|
|||||
| CVE-2021-22756 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition.
|
|||||
| CVE-2021-22753 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.
|
|||||
| CVE-2021-22668 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2021-22663 | 2 Hornerautomation, Siemens | 2 Cscape, Cscape | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.
|
|||||
| CVE-2021-22660 | 1 Criticalmanufacturing | 1 Cncsoft-b | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2021-22655 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
|
|||||
| CVE-2021-22643 | 2 Luxion, Siemens | 8 Keyshot, Keyshot Network Rendering, Keyshot Viewer and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2021-22638 | 1 Fatek | 1 Fvdesigner | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
|
|||||
| CVE-2021-22563 | 1 Libjxl Project | 1 Libjxl | 2024-11-21 | 3.6 LOW | 4.5 MEDIUM |
|
Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757
|
|||||
| CVE-2021-22552 | 1 Google | 1 Asylo | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
|
An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a
|
|||||
| CVE-2021-22487 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
|
|||||
| CVE-2021-22474 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions.
|
|||||
| CVE-2021-22469 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read.
|
|||||
| CVE-2021-22464 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.6 MEDIUM | 3.3 LOW |
|
A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart.
|
|||||
| CVE-2021-22458 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution.
|
|||||
| CVE-2021-22453 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
|
|||||
| CVE-2021-22383 | 1 Huawei | 4 Ecns280 Td, Ecns280 Td Firmware, Ese620x Vess and 1 more | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
|
There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS).
|
|||||
| CVE-2021-22366 | 1 Huawei | 2 Ese620x Vess, Ese620x Vess Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Service (DoS).
|
|||||
| CVE-2021-22365 | 1 Huawei | 2 Ese620x Vess, Ese620x Vess Firmware | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal.
|
|||||
| CVE-2021-22354 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.
|
|||||
| CVE-2021-22306 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service.
|
|||||
| CVE-2021-22302 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service.
|
|||||
| CVE-2021-21989 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
|
|||||
| CVE-2021-21988 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
|
|||||
| CVE-2021-21987 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
|
|||||
| CVE-2021-21777 | 1 Opener Project | 1 Opener | 2024-11-21 | 9.4 HIGH | 10.0 CRITICAL |
|
An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.
|
|||||
| CVE-2021-21704 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
|
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
|
|||||
| CVE-2021-21557 | 1 Dell | 62 Poweredge C4140, Poweredge C4140 Firmware, Poweredge C6420 and 59 more | 2024-11-21 | 7.2 HIGH | 8.1 HIGH |
|
Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
|
|||||
| CVE-2021-21463 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2021-21410 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time ...
Show More |
|||||
| CVE-2021-21200 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)
|
|||||
| CVE-2021-21198 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
|
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2021-21091 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-21089 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-21076 | 2 Adobe, Microsoft | 2 Animate, Windows | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-21075 | 2 Adobe, Microsoft | 2 Animate, Windows | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-21074 | 2 Adobe, Microsoft | 2 Animate, Windows | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||