Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36070 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-36069 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
|
|||||
| CVE-2021-36068 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
|
|||||
| CVE-2021-36067 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
|
|||||
| CVE-2021-36059 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
|
|||||
| CVE-2021-35098 | 1 Qualcomm | 172 Apq8053, Apq8053 Firmware, Apq8096au and 169 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
|
|||||
| CVE-2021-34934 | 1 Bentley | 2 Bentley View, Microstation | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code i ...
Show More |
|||||
| CVE-2021-34874 | 1 Bentley | 2 Bentley View, Microstation | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute co ...
Show More |
|||||
| CVE-2021-34859 | 1 Teamviewer | 1 Teamviewer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in ...
Show More |
|||||
| CVE-2021-34856 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerabili ...
Show More |
|||||
| CVE-2021-34783 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
|
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TL ...
Show More |
|||||
| CVE-2021-34781 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2024-11-21 | 7.1 HIGH | 8.6 HIGH |
|
A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow ...
Show More |
|||||
| CVE-2021-34550 | 1 Torproject | 1 Tor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
|
|||||
| CVE-2021-34378 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.7 HIGH |
|
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges.
|
|||||
| CVE-2021-34377 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.7 HIGH |
|
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation of privileges, information disclosure, and denial of service.
|
|||||
| CVE-2021-34376 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.7 HIGH |
|
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure.
|
|||||
| CVE-2021-34306 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)
|
|||||
| CVE-2021-33737 | 1 Siemens | 12 Simatic Cp343-1, Simatic Cp343-1 Advanced, Simatic Cp 343-1 Advanced Firmware and 9 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a spec ...
Show More |
|||||
| CVE-2021-33481 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.
|
|||||
| CVE-2021-33479 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.
|
|||||
| CVE-2021-33478 | 1 Cisco | 15 Ip Phone 8800 Firmware, Ip Phone 8800 Series With Multiplatform Firmware, Ip Phone 8811 Firmware and 12 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
|
|||||
| CVE-2021-33004 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
|
|||||
| CVE-2021-32994 | 1 Softing | 1 Opc Ua C\+\+ Software Development Kit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.
|
|||||
| CVE-2021-32992 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2021-32537 | 1 Realtek | 1 Hda Driver | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed.
|
|||||
| CVE-2021-32493 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
|
|||||
| CVE-2021-32492 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
|
|||||
| CVE-2021-32490 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
|
|||||
| CVE-2021-32020 | 1 Amazon | 1 Freertos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
|
|||||
| CVE-2021-31977 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
Windows Hyper-V Denial of Service Vulnerability
|
|||||
| CVE-2021-31883 | 1 Siemens | 16 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.1 HIGH |
|
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)
|
|||||
| CVE-2021-31882 | 1 Siemens | 16 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 13 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)
|
|||||
| CVE-2021-31617 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
|
|||||
| CVE-2021-31495 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to exe ...
Show More |
|||||
| CVE-2021-31493 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to exe ...
Show More |
|||||
| CVE-2021-31472 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leve ...
Show More |
|||||
| CVE-2021-31261 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
|
|||||
| CVE-2021-30530 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
|
|||||
| CVE-2021-30472 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
|
|||||
| CVE-2021-30454 | 1 Outer Cgi Project | 1 Outer Cgi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader.
|
|||||