Total
9525 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30734 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2021-39263 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. | |||||
CVE-2021-27041 | 3 Autodesk, Iconics, Mitsubishielectric | 13 Advance Steel, Autocad, Autocad Architecture and 10 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code | |||||
CVE-2021-20494 | 1 Ibm | 1 Security Identity Manager Adapter | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882. | |||||
CVE-2021-27242 | 1 Parallels | 1 Parallels Desktop | 2023-12-10 | 4.6 MEDIUM | 8.8 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926. | |||||
CVE-2021-34310 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351) | |||||
CVE-2019-25051 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Aspell | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | |||||
CVE-2019-25050 | 1 Osgeo | 1 Gdal | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). | |||||
CVE-2021-30799 | 1 Apple | 3 Iphone Os, Mac Os X, Macos | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2021-3517 | 6 Debian, Fedoraproject, Netapp and 3 more | 29 Debian Linux, Fedora, Active Iq Unified Manager and 26 more | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. | |||||
CVE-2021-27624 | 1 Sap | 1 Netweaver As Internet Graphics Server | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
CVE-2021-21793 | 1 Accusoft | 1 Imagegear | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-0545 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258884 | |||||
CVE-2020-23706 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | |||||
CVE-2021-30472 | 1 Podofo Project | 1 Podofo | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. | |||||
CVE-2020-27823 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2021-28136 | 1 Espressif | 2 Esp-idf, Esp32 | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet. | |||||
CVE-2021-0530 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196175 | |||||
CVE-2021-3501 | 4 Fedoraproject, Linux, Netapp and 1 more | 27 Fedora, Linux Kernel, Cloud Backup and 24 more | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. | |||||
CVE-2020-24829 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file. |