Total
2944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26461 | 1 Apache | 1 Nuttx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
|
|||||
| CVE-2021-26329 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
|
|||||
| CVE-2021-26260 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
|
|||||
| CVE-2021-26109 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
|
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
|
|||||
| CVE-2021-25803 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
|
|||||
| CVE-2021-24036 | 1 Facebook | 2 Folly, Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
|
|||||
| CVE-2021-24025 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
|
|||||
| CVE-2021-23840 | 7 Debian, Fujitsu, Mcafee and 4 more | 27 Debian Linux, M10-1, M10-1 Firmware and 24 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions s ...
Show More |
|||||
| CVE-2021-23215 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
|
|||||
| CVE-2021-22684 | 1 Samsung | 1 Tizenrt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash
|
|||||
| CVE-2021-22680 | 1 Nxp | 1 Mqx | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
|
|||||
| CVE-2021-22679 | 1 Ti | 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
|
|||||
| CVE-2021-22677 | 1 Ti | 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
|
|||||
| CVE-2021-22675 | 1 Ti | 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
|
|||||
| CVE-2021-22671 | 1 Ti | 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
|
|||||
| CVE-2021-22636 | 1 Ti | 14 Cc3200, Cc3220r, Cc3220s and 11 more | 2024-11-21 | N/A | 7.4 HIGH |
|
Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.
|
|||||
| CVE-2021-22556 | 1 Google | 1 Fuchsia | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.
|
|||||
| CVE-2021-22480 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.
|
|||||
| CVE-2021-22455 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released.
|
|||||
| CVE-2021-22451 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
|
|||||
| CVE-2021-22441 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
|
|||||
| CVE-2021-22437 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access.
|
|||||
| CVE-2021-22422 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
|
|||||
| CVE-2021-22418 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
|
|||||
| CVE-2021-22413 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
|
|||||
| CVE-2021-22412 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random kernel address access.
|
|||||
| CVE-2021-22388 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed.
|
|||||
| CVE-2021-22323 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
|
|||||
| CVE-2021-22319 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.
|
|||||
| CVE-2021-21948 | 2 Anycubic, Chitubox | 2 Chitubox, Chitubox Basic | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21914 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21859 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.
|
|||||
| CVE-2021-21852 | 1 Gpac | 1 Gpac | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
|
|||||
| CVE-2021-21851 | 1 Gpac | 1 Gpac | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
|
|||||
| CVE-2021-21850 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
|
|||||
| CVE-2021-21837 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
|
|||||
| CVE-2021-21832 | 1 Disc-soft | 1 Daemon Tools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21807 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21783 | 2 Genivia, Oracle | 6 Gsoap, Communications Diameter Signaling Router, Communications Eagle Application Processor and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21704 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
|
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
|
|||||