Total
3735 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3501 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2021-06-18 | 3.6 LOW | 7.1 HIGH |
| A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. | |||||
| CVE-2021-30547 | 1 Google | 1 Chrome | 2021-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-25407 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. | |||||
| CVE-2021-27390 | 2021-06-17 | N/A | N/A | ||
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131) | |||||
| CVE-2021-3546 | 1 Qemu | 1 Qemu | 2021-06-17 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-11267 | 1 Qualcomm | 542 Apq8009, Apq8009 Firmware, Apq8009w and 539 more | 2021-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-35452 | 1 Apache | 1 Http Server | 2021-06-16 | 6.8 MEDIUM | 7.3 HIGH |
| Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow | |||||
| CVE-2021-25387 | 1 Google | 1 Android | 2021-06-16 | 7.5 HIGH | 10.0 CRITICAL |
| An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
| CVE-2021-25396 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-06-16 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-26195 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file. | |||||
| CVE-2020-23323 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0. | |||||
| CVE-2020-23321 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. | |||||
| CVE-2020-23306 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0. | |||||
| CVE-2020-23303 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. | |||||
| CVE-2021-0113 | 1 Intel | 2 Efi Bios 7215, Server Board M10jnp2sb | 2021-06-16 | 3.3 LOW | 6.5 MEDIUM |
| Out of bounds write in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access. | |||||
| CVE-2021-31837 | 1 Mcafee | 1 Getsusp | 2021-06-16 | 6.1 MEDIUM | 7.8 HIGH |
| Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD. | |||||
| CVE-2016-8713 | 1 Gonitro | 1 Nitro Pdf Pro | 2021-06-16 | 6.8 MEDIUM | 7.8 HIGH |
| A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | |||||
| CVE-2021-31487 | 2021-06-15 | N/A | N/A | ||
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715. | |||||
| CVE-2021-31494 | 2021-06-15 | N/A | N/A | ||
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305. | |||||
| CVE-2021-31499 | 2021-06-15 | N/A | N/A | ||
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745. | |||||