Vulnerabilities (CVE)

Filtered by CWE-120
Total 954 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38297 1 Golang 1 Go 2021-10-21 7.5 HIGH 9.8 CRITICAL
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVE-2020-21531 2 Debian, Xfig Project 2 Debian Linux, Fig2dev 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
CVE-2020-21532 2 Debian, Xfig Project 2 Debian Linux, Fig2dev 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
CVE-2020-21534 2 Debian, Xfig Project 2 Debian Linux, Fig2dev 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
CVE-2021-3177 3 Fedoraproject, Netapp, Python 3 Fedora, Ontap Select Deploy Administration Utility, Python 2021-10-20 7.5 HIGH 9.8 CRITICAL
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
CVE-2021-3711 3 Debian, Netapp, Openssl 10 Debian Linux, Clustered Data Ontap, Clustered Data Ontap Antivirus Connector and 7 more 2021-10-20 7.5 HIGH 9.8 CRITICAL
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
CVE-2020-27824 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
CVE-2020-22026 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2021-10-20 4.3 MEDIUM 6.5 MEDIUM
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22035 1 Ffmpeg 1 Ffmpeg 2021-10-20 6.8 MEDIUM 8.8 HIGH
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
CVE-2020-21041 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2021-10-20 5.0 MEDIUM 7.5 HIGH
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service
CVE-2020-22015 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2021-10-20 6.8 MEDIUM 8.8 HIGH
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
CVE-2020-22019 1 Ffmpeg 1 Ffmpeg 2021-10-20 4.3 MEDIUM 6.5 MEDIUM
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-22021 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2021-10-20 4.3 MEDIUM 6.5 MEDIUM
Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.
CVE-2020-12723 5 Fedoraproject, Netapp, Opensuse and 2 more 6 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 3 more 2021-10-20 5.0 MEDIUM 7.5 HIGH
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-22028 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2021-10-20 4.3 MEDIUM 6.5 MEDIUM
Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
CVE-2020-22020 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2021-10-20 4.3 MEDIUM 6.5 MEDIUM
Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.
CVE-2021-40239 1 Miniftpd Project 1 Miniftpd 2021-10-19 7.5 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c
CVE-2021-37726 1 Arubanetworks 1 Aruba Instant 2021-10-19 10.0 HIGH 9.8 CRITICAL
A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
CVE-2020-27372 1 Brandy Project 1 Brandy 2021-10-18 7.5 HIGH 9.8 CRITICAL
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
CVE-2021-33909 4 Debian, Fedoraproject, Linux and 1 more 5 Debian Linux, Fedora, Linux Kernel and 2 more 2021-10-18 7.2 HIGH 7.8 HIGH
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.