Total
9630 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12358 | 3 Intel, Netapp, Siemens | 548 Bios, Core I3-l13g4, Core I5-l16g7 and 545 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2021-27410 | 1 Hillrom | 9 Connex Central Station, Connex Device Integration Suite Network Connectivity Engine, Connex Integrated Wall System and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00). | |||||
CVE-2021-36049 | 1 Adobe | 1 Bridge | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
CVE-2021-21871 | 1 Poweriso | 1 Poweriso | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current version. | |||||
CVE-2021-28591 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2020-22016 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. | |||||
CVE-2021-0557 | 1 Google | 1 Android | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179046129 | |||||
CVE-2020-23303 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. | |||||
CVE-2021-1504 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
CVE-2021-33833 | 2 Debian, Intel | 2 Debian Linux, Connection Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). | |||||
CVE-2021-34326 | 1 Siemens | 3 Jt2go, Solid Edge, Teamcenter Visualization | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422) | |||||
CVE-2020-22031 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences. | |||||
CVE-2021-29998 | 2 Siemens, Windriver | 71 Ruggedcom Win Subscriber Station, Ruggedcom Win Subscriber Station Firmware, Scalance X200-4 P Irt and 68 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client. | |||||
CVE-2021-36000 | 2 Adobe, Microsoft | 2 Character Animator, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Character Animator version 4.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-35990 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-32490 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | |||||
CVE-2020-36366 | 1 Cesanta | 1 Mjs | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
CVE-2021-3569 | 2 Libtpms Project, Redhat | 2 Libtpms, Enterprise Linux | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-30909 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-31916 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2023-12-10 | 6.1 MEDIUM | 6.7 MEDIUM |
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. |