Vulnerabilities (CVE)

Filtered by CWE-787
Total 3735 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3501 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2021-06-18 3.6 LOW 7.1 HIGH
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
CVE-2021-30547 1 Google 1 Chrome 2021-06-17 6.8 MEDIUM 8.8 HIGH
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2021-25407 2 Google, Samsung 5 Android, Exynos 2100, Exynos 980 and 2 more 2021-06-17 4.6 MEDIUM 7.8 HIGH
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
CVE-2021-27390 2021-06-17 N/A N/A
A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131)
CVE-2021-3546 1 Qemu 1 Qemu 2021-06-17 4.6 MEDIUM 8.2 HIGH
A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-11267 1 Qualcomm 542 Apq8009, Apq8009 Firmware, Apq8009w and 539 more 2021-06-17 4.6 MEDIUM 7.8 HIGH
Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2020-35452 1 Apache 1 Http Server 2021-06-16 6.8 MEDIUM 7.3 HIGH
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
CVE-2021-25387 1 Google 1 Android 2021-06-16 7.5 HIGH 10.0 CRITICAL
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
CVE-2021-25396 2 Google, Samsung 5 Android, Exynos 2100, Exynos 980 and 2 more 2021-06-16 4.6 MEDIUM 6.7 MEDIUM
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
CVE-2021-26195 1 Jerryscript 1 Jerryscript 2021-06-16 6.8 MEDIUM 8.8 HIGH
An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.
CVE-2020-23323 1 Jerryscript 1 Jerryscript 2021-06-16 7.5 HIGH 9.8 CRITICAL
There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.
CVE-2020-23321 1 Jerryscript 1 Jerryscript 2021-06-16 7.5 HIGH 9.8 CRITICAL
There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.
CVE-2020-23306 1 Jerryscript 1 Jerryscript 2021-06-16 7.5 HIGH 9.8 CRITICAL
There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.
CVE-2020-23303 1 Jerryscript 1 Jerryscript 2021-06-16 7.5 HIGH 9.8 CRITICAL
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.
CVE-2021-0113 1 Intel 2 Efi Bios 7215, Server Board M10jnp2sb 2021-06-16 3.3 LOW 6.5 MEDIUM
Out of bounds write in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.
CVE-2021-31837 1 Mcafee 1 Getsusp 2021-06-16 6.1 MEDIUM 7.8 HIGH
Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD.
CVE-2016-8713 1 Gonitro 1 Nitro Pdf Pro 2021-06-16 6.8 MEDIUM 7.8 HIGH
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
CVE-2021-31487 2021-06-15 N/A N/A
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715.
CVE-2021-31494 2021-06-15 N/A N/A
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305.
CVE-2021-31499 2021-06-15 N/A N/A
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745.