Total
7228 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23168 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2021-22918 | 2 Nodejs, Siemens | 2 Node.js, Sinec Infrastructure Network Services | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). | |||||
| CVE-2021-22809 | 1 Schneider-electric | 1 Guicon | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | |||||
| CVE-2021-22790 | 1 Schneider-electric | 49 Modicon M340 Bmxp341000, Modicon M340 Bmxp342010, Modicon M340 Bmxp342020 and 46 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). | |||||
| CVE-2021-22757 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | |||||
| CVE-2021-22756 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition. | |||||
| CVE-2021-22753 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition. | |||||
| CVE-2021-22668 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-22663 | 2 Hornerautomation, Siemens | 2 Cscape, Cscape | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-22660 | 1 Criticalmanufacturing | 1 Cncsoft-b | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-22655 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). | |||||
| CVE-2021-22643 | 2 Luxion, Siemens | 8 Keyshot, Keyshot Network Rendering, Keyshot Viewer and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-22638 | 1 Fatek | 1 Fvdesigner | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | |||||
| CVE-2021-22563 | 1 Libjxl Project | 1 Libjxl | 2024-11-21 | 3.6 LOW | 4.5 MEDIUM |
| Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757 | |||||
| CVE-2021-22552 | 1 Google | 1 Asylo | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a | |||||
| CVE-2021-22487 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-22474 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions. | |||||
| CVE-2021-22469 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. | |||||
| CVE-2021-22464 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.6 MEDIUM | 3.3 LOW |
| A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart. | |||||
| CVE-2021-22458 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. | |||||