Total
95 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28906 | 1 Cesnet | 1 Libyang | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. | |||||
| CVE-2021-28875 | 1 Rust-lang | 1 Rust | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | |||||
| CVE-2021-21217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2021-3673 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. | |||||
| CVE-2021-29853 | 1 Ibm | 1 Planning Analytics | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. | |||||
| CVE-2021-28902 | 1 Cesnet | 1 Libyang | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. | |||||
| CVE-2021-28675 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. | |||||
| CVE-2021-21219 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2021-29739 | 1 Ibm | 1 Planning Analytics Local | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846. | |||||
| CVE-2021-38114 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. | |||||
| CVE-2021-26958 | 1 Xcb Project | 1 Xcb | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type. | |||||
| CVE-2020-27898 | 1 Apple | 1 Macos | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1. An attacker may be able to bypass Managed Frame Protection. | |||||
| CVE-2020-15191 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1. | |||||
| CVE-2020-5359 | 2 Dell, Oracle | 3 Bsafe Micro-edition-suite, Database, Weblogic Server Proxy Plug-in | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
| Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. | |||||
| CVE-1999-0199 | 1 Gnu | 1 Glibc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. | |||||
| CVE-2021-26955 | 1 Xcb Project | 1 Xcb | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server. | |||||
| CVE-2020-4531 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. | |||||
| CVE-2020-12372 | 1 Intel | 1 Graphics Drivers | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2019-15523 | 2 Debian, Linbit | 2 Debian Linux, Csync2 | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. | |||||
| CVE-2020-24074 | 1 Silk-v3-decoder Project | 1 Silk-v3-decoder | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | |||||