Vulnerabilities (CVE)

Filtered by CWE-125
Total 7258 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27045 1 Autodesk 1 Navisworks 2024-11-21 6.8 MEDIUM 7.8 HIGH
A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.
CVE-2021-27044 1 Autodesk 1 Fbx Review 2024-11-21 6.8 MEDIUM 7.8 HIGH
A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.
CVE-2021-27040 3 Autodesk, Iconics, Mitsubishielectric 13 Advance Steel, Autocad, Autocad Architecture and 10 more 2024-11-21 4.3 MEDIUM 3.3 LOW
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
CVE-2021-27027 1 Autodesk 1 Fbx Review 2024-11-21 6.8 MEDIUM 7.8 HIGH
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.
CVE-2021-26957 1 Xcb Project 1 Xcb 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server.
CVE-2021-26926 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2024-11-21 5.8 MEDIUM 7.1 HIGH
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
CVE-2021-26623 2 Bandisoft, Microsoft 2 Bandizip, Windows 2024-11-21 7.5 HIGH 7.8 HIGH
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
CVE-2021-26388 1 Amd 213 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 210 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
CVE-2021-26384 1 Amd 104 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 101 more 2024-11-21 N/A 7.8 HIGH
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
CVE-2021-26345 1 Amd 180 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 177 more 2024-11-21 N/A 1.9 LOW
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
CVE-2021-25901 1 Lazy-init Project 1 Lazy-init 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
CVE-2021-25848 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 8.5 HIGH 9.1 CRITICAL
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.
CVE-2021-25847 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 8.5 HIGH 9.1 CRITICAL
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
CVE-2021-25802 1 Videolan 1 Vlc Media Player 2024-11-21 5.8 MEDIUM 7.1 HIGH
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25801 1 Videolan 1 Vlc Media Player 2024-11-21 5.8 MEDIUM 7.1 HIGH
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25492 1 Samsung 1 Notes 2024-11-21 3.6 LOW 7.3 HIGH
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.
CVE-2021-25488 2 Google, Samsung 2 Android, Exynos 2024-11-21 2.1 LOW 5.5 MEDIUM
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
CVE-2021-25483 1 Google 1 Android 2024-11-21 5.0 MEDIUM 4.0 MEDIUM
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
CVE-2021-25456 1 Google 1 Android 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
CVE-2021-25455 1 Google 1 Android 2024-11-21 4.3 MEDIUM 3.3 LOW
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.