Vulnerabilities (CVE)

Filtered by CWE-787
Total 9498 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32490 2 Debian, Djvulibre Project 2 Debian Linux, Djvulibre 2023-12-10 6.8 MEDIUM 7.8 HIGH
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
CVE-2021-26419 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2023-12-10 7.6 HIGH 7.5 HIGH
Scripting Engine Memory Corruption Vulnerability
CVE-2020-36366 1 Cesanta 1 Mjs 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2021-3569 2 Libtpms Project, Redhat 2 Libtpms, Enterprise Linux 2023-12-10 2.1 LOW 5.5 MEDIUM
A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.
CVE-2021-30909 1 Apple 7 Ipad Os, Ipados, Iphone Os and 4 more 2023-12-10 9.3 HIGH 7.8 HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-31916 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2023-12-10 6.1 MEDIUM 6.7 MEDIUM
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
CVE-2021-34383 1 Nvidia 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.
CVE-2021-31486 1 Opentext 1 Brava\! Desktop 2023-12-10 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712.
CVE-2021-28561 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-34068 1 Tsmuxer Project 1 Tsmuxer 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-0254 1 Juniper 1 Junos 2023-12-10 7.5 HIGH 9.8 CRITICAL
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution. overlayd runs by default in MX Series, ACX Series, and QFX Series platforms. The SRX Series does not support VXLAN and is therefore not vulnerable to this issue. Other platforms are also vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.
CVE-2020-22017 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2023-12-10 6.8 MEDIUM 8.8 HIGH
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
CVE-2021-28211 1 Tianocore 1 Edk2 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
CVE-2021-21197 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15744 1 Govicture 2 Pc420, Pc420 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.
CVE-2021-0543 1 Google 1 Android 2023-12-10 4.6 MEDIUM 6.7 MEDIUM
In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258743
CVE-2021-36066 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-12-10 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-20227 1 Mikrotik 1 Routeros 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
CVE-2021-30526 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
CVE-2021-36015 2 Adobe, Microsoft 2 Media Encoder, Windows 2023-12-10 9.3 HIGH 7.8 HIGH
Adobe Media Encoder version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.