Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33930 | 1 Opensuse | 1 Libsolv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
|
|||||
| CVE-2021-33929 | 1 Opensuse | 1 Libsolv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
|
|||||
| CVE-2021-33928 | 1 Opensuse | 1 Libsolv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
|
|||||
| CVE-2021-33913 | 1 Libspf2 Project | 1 Libspf2 | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
|
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., ...
Show More |
|||||
| CVE-2021-33912 | 2 Debian, Libspf2 Project | 2 Debian Linux, Libspf2 | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
|
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches f ...
Show More |
|||||
| CVE-2021-33909 | 6 Debian, Fedoraproject, Linux and 3 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
|
|||||
| CVE-2021-33889 | 1 Openthread | 1 Wpantund | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because of an inconsistency in the integer data type for metric_len.
|
|||||
| CVE-2021-33834 | 1 Insyde | 2 H2offt, Iscflashx64.sys | 2024-11-21 | N/A | 7.1 HIGH |
|
An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash.
|
|||||
| CVE-2021-33833 | 2 Debian, Intel | 2 Debian Linux, Connection Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
|
|||||
| CVE-2021-33793 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.
|
|||||
| CVE-2021-33792 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.
|
|||||
| CVE-2021-33684 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to ...
Show More |
|||||
| CVE-2021-33681 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application.
|
|||||
| CVE-2021-33657 | 1 Libsdl | 1 Simple Directmedia Layer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.
|
|||||
| CVE-2021-33655 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 6.7 MEDIUM |
|
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
|
|||||
| CVE-2021-33647 | 1 Mindspore | 1 Mindspore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers.
|
|||||
| CVE-2021-33545 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
|
|||||
| CVE-2021-33485 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
|
|||||
| CVE-2021-33481 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.
|
|||||
| CVE-2021-33479 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.
|
|||||
| CVE-2021-33464 | 1 Tortall | 1 Yasm | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.
|
|||||
| CVE-2021-33448 | 1 Cesanta | 1 Mjs | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.
|
|||||
| CVE-2021-33443 | 1 Cesanta | 1 Mjs | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c.
|
|||||
| CVE-2021-33438 | 1 Cesanta | 1 Mjs | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c.
|
|||||
| CVE-2021-33388 | 1 Dpic Project | 1 Dpic | 2024-11-21 | N/A | 9.8 CRITICAL |
|
dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y
|
|||||
| CVE-2021-33362 | 1 Gpac | 1 Gpac | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
|
|||||
| CVE-2021-33289 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
|
|||||
| CVE-2021-33286 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
|
|||||
| CVE-2021-33274 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.
|
|||||
| CVE-2021-33271 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
|
|||||
| CVE-2021-33270 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request.
|
|||||
| CVE-2021-33269 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request.
|
|||||
| CVE-2021-33268 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request.
|
|||||
| CVE-2021-33267 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request.
|
|||||
| CVE-2021-33266 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request.
|
|||||
| CVE-2021-33265 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 7.2 HIGH | 9.8 CRITICAL |
|
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
|
|||||
| CVE-2021-33217 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
|
|||||
| CVE-2021-33200 | 3 Fedoraproject, Linux, Netapp | 19 Fedora, Linux Kernel, Cloud Backup and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
|
|||||
| CVE-2021-33186 | 1 Serenityos | 1 Serenityos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
|
|||||
| CVE-2021-33086 | 1 Intel | 206 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 203 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.
|
|||||