Total
7258 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27045 | 1 Autodesk | 1 Navisworks | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code. | |||||
CVE-2021-27044 | 1 Autodesk | 1 Fbx Review | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure. | |||||
CVE-2021-27040 | 3 Autodesk, Iconics, Mitsubishielectric | 13 Advance Steel, Autocad, Autocad Architecture and 10 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. | |||||
CVE-2021-27027 | 1 Autodesk | 1 Fbx Review | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure. | |||||
CVE-2021-26957 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server. | |||||
CVE-2021-26926 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. | |||||
CVE-2021-26623 | 2 Bandisoft, Microsoft | 2 Bandizip, Windows | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. | |||||
CVE-2021-26388 | 1 Amd | 213 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 210 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | |||||
CVE-2021-26384 | 1 Amd | 104 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 101 more | 2024-11-21 | N/A | 7.8 HIGH |
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | |||||
CVE-2021-26345 | 1 Amd | 180 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 177 more | 2024-11-21 | N/A | 1.9 LOW |
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. | |||||
CVE-2021-25901 | 1 Lazy-init Project | 1 Lazy-init | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race. | |||||
CVE-2021-25848 | 1 Moxa | 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet. | |||||
CVE-2021-25847 | 1 Moxa | 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet. | |||||
CVE-2021-25802 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||||
CVE-2021-25801 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||||
CVE-2021-25492 | 1 Samsung | 1 Notes | 2024-11-21 | 3.6 LOW | 7.3 HIGH |
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. | |||||
CVE-2021-25488 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. | |||||
CVE-2021-25483 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 4.0 MEDIUM |
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. | |||||
CVE-2021-25456 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. | |||||
CVE-2021-25455 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. |