Search
Total
3632 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1402 | 1 Cisco | 16 Asa 5512-x, Asa 5515-x, Asa 5525-x and 13 more | 2021-05-10 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload. | |||||
| CVE-2017-11323 | 1 Estsoft | 1 Alzip | 2021-05-03 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename. | |||||
| CVE-2016-8866 | 2 Imagemagick, Opensuse | 3 Imagemagick, Leap, Opensuse | 2021-04-28 | 6.8 MEDIUM | 8.8 HIGH |
| The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. | |||||
| CVE-2021-0227 | 1 Juniper | 22 Junos, Srx100, Srx110 and 19 more | 2021-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2; | |||||
| CVE-2021-28878 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2021-04-27 | 4.3 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
| CVE-2017-8412 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-26 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000C360 this results in a stack overflow and overwrites the PC register allowing an attacker to execute buffer overflow or even a command injection attack. | |||||
| CVE-2016-8862 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | |||||
| CVE-2017-8414 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-23 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption. | |||||
| CVE-2017-8416 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-23 | 8.3 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code that processing of packets which does an unbounded copy operation which allows to overflow the buffer. The custom protocol created by Dlink follows the following pattern: Packetlen, Type of packet; M=MAC address of device or broadcast; D=Device Type;C=base64 encoded command string;test=1111 We can see at address function starting at address 0x0000DBF8 handles the entire UDP packet and performs an insecure copy using strcpy function at address 0x0000DC88. This results in overflowing the stack pointer after 1060 characters and thus allows to control the PC register and results in code execution. The same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third-party application on the device to execute commands on the device without any authentication by sending just 1 UDP packet with custom base64 encoding. | |||||
| CVE-2021-28877 | 1 Rust-lang | 1 Rust | 2021-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
| CVE-2020-36317 | 1 Rust-lang | 1 Rust | 2021-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string. | |||||
| CVE-2015-20001 | 1 Rust-lang | 1 Rust | 2021-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation. | |||||
| CVE-2021-1480 | 1 Cisco | 1 Sd-wan Vmanage | 2021-04-20 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2017-10869 | 1 Dena | 1 H2o | 2021-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors. | |||||
| CVE-2021-1308 | 1 Cisco | 22 Rv132w, Rv132w Firmware, Rv134w and 19 more | 2021-04-15 | 6.1 MEDIUM | 7.4 HIGH |
| Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2021-1251 | 1 Cisco | 22 Rv132w, Rv132w Firmware, Rv134w and 19 more | 2021-04-14 | 6.1 MEDIUM | 7.4 HIGH |
| Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2021-1309 | 1 Cisco | 22 Rv132w, Rv132w Firmware, Rv134w and 19 more | 2021-04-14 | 8.3 HIGH | 8.8 HIGH |
| Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2021-1137 | 1 Cisco | 1 Sd-wan Vmanage | 2021-04-14 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1767 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-04-09 | 9.3 HIGH | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption. | |||||
| CVE-2020-27933 | 1 Apple | 6 Icloud, Ipados, Iphone Os and 3 more | 2021-04-09 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-27947 | 1 Apple | 2 Mac Os X, Macos | 2021-04-08 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-29616 | 1 Apple | 2 Mac Os X, Macos | 2021-04-07 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-29624 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-07 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2020-27944 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-04-07 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2020-27943 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-04-07 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2020-27907 | 1 Apple | 1 Macos | 2021-04-07 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-27914 | 1 Apple | 1 Mac Os X | 2021-04-07 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-27915 | 1 Apple | 1 Mac Os X | 2021-04-07 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-27931 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-04-06 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2017-6669 | 1 Cisco | 1 Webex Advanced Recording Format Player | 2021-04-06 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242. | |||||
| CVE-2017-8927 | 1 Cgmlarson | 1 Vizex Reader | 2021-04-01 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. | |||||
| CVE-2021-1433 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 9.3 HIGH | 8.1 HIGH |
| A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2017-15950 | 1 Flexense | 1 Syncbreeze | 2021-03-29 | 6.8 MEDIUM | 7.8 HIGH |
| Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode. | |||||
| CVE-2015-8620 | 1 Avast | 4 Avast Free Antivirus, Avast Internet Security, Avast Premier and 1 more | 2021-03-26 | 7.2 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. | |||||
| CVE-2021-3410 | 2 Debian, Libcaca Project | 2 Debian Linux, Libcaca | 2021-03-25 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | |||||
| CVE-2017-8785 | 1 Faststone | 1 Image Viewer | 2021-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 6.2 has a "Data from Faulting Address may be used as a return value" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. | |||||
| CVE-2017-8826 | 1 Faststone | 1 Image Viewer | 2021-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. | |||||
| CVE-2021-22710 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-18 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-1899 | 1 Facebook | 1 Hhvm | 2021-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2021-22711 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-17 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to missing validation of input data. | |||||
| CVE-2021-22709 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-17 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2021-22712 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-17 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address. | |||||
| CVE-2017-11882 | 1 Microsoft | 1 Office | 2021-03-16 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. | |||||
| CVE-2018-13381 | 1 Fortinet | 2 Fortios, Fortiproxy | 2021-03-16 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | |||||
| CVE-2021-21118 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-15 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-28036 | 1 Quinn Project | 1 Quinn | 2021-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | |||||
| CVE-2016-10093 | 1 Libtiff | 1 Libtiff | 2021-03-05 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-10092 | 1 Libtiff | 1 Libtiff | 2021-03-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image. | |||||
| CVE-2020-25690 | 1 Fontforge | 1 Fontforge | 2021-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-21449 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||