Search
Total
994 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33448 | 1 Cesanta | 1 Mjs | 2022-07-28 | N/A | 5.5 MEDIUM |
| An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. | |||||
| CVE-2021-33443 | 1 Cesanta | 1 Mjs | 2022-07-28 | N/A | 5.5 MEDIUM |
| An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c. | |||||
| CVE-2021-33438 | 1 Cesanta | 1 Mjs | 2022-07-28 | N/A | 5.5 MEDIUM |
| An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c. | |||||
| CVE-2021-33464 | 1 Tortall | 1 Yasm | 2022-07-28 | N/A | 5.5 MEDIUM |
| An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c. | |||||
| CVE-2022-0976 | 1 Google | 1 Chrome | 2022-07-26 | N/A | 6.5 MEDIUM |
| Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-45943 | 3 Debian, Fedoraproject, Osgeo | 3 Debian Linux, Fedora, Gdal | 2022-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | |||||
| CVE-2021-42739 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2022-07-25 | 4.6 MEDIUM | 6.7 MEDIUM |
| A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-44170 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-07-25 | N/A | 6.7 MEDIUM |
| A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. | |||||
| CVE-2022-2380 | 1 Linux | 1 Linux Kernel | 2022-07-20 | N/A | 5.5 MEDIUM |
| The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel. | |||||
| CVE-2021-3695 | 3 Fedoraproject, Gnu, Redhat | 13 Fedora, Grub, Codeready Linux Builder and 10 more | 2022-07-15 | 4.4 MEDIUM | 4.5 MEDIUM |
| A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2021-3696 | 2 Gnu, Redhat | 12 Grub, Codeready Linux Builder, Developer Tools and 9 more | 2022-07-15 | 6.9 MEDIUM | 4.5 MEDIUM |
| A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2022-32208 | 1 Haxx | 1 Curl | 2022-07-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. | |||||
| CVE-2022-32441 | 1 Hex-rays | 1 Ida | 2022-07-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056. | |||||
| CVE-2022-21787 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2022-07-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558844; Issue ID: ALPS06558844. | |||||
| CVE-2022-21785 | 2 Google, Mediatek | 22 Android, Mt6877, Mt6983 and 19 more | 2022-07-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363. | |||||
| CVE-2022-21779 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704393. | |||||
| CVE-2022-21780 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526. | |||||
| CVE-2022-21781 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433. | |||||
| CVE-2022-21782 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508. | |||||
| CVE-2022-21783 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6779 and 30 more | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482. | |||||
| CVE-2022-31601 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | |||||
| CVE-2022-31602 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.4 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. | |||||
| CVE-2020-21600 | 1 Libde265 | 1 Libde265 | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file. | |||||
| CVE-2020-23707 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | |||||
| CVE-2020-22033 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. | |||||
| CVE-2020-21602 | 1 Libde265 | 1 Libde265 | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21050 | 1 Libsixel Project | 1 Libsixel | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. | |||||
| CVE-2020-21676 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2022-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | |||||
| CVE-2020-23886 | 1 Xnview | 1 Xnview Mp | 2022-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree. | |||||
| CVE-2020-21675 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2022-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | |||||
| CVE-2020-19721 | 1 Axiosys | 1 Bento4 | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). | |||||
| CVE-2021-40942 | 1 Gpac | 1 Gpac | 2022-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). | |||||
| CVE-2020-16305 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2022-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | |||||
| CVE-2020-16304 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2022-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. | |||||
| CVE-2020-17538 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2022-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | |||||
| CVE-2020-16309 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2022-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. | |||||
| CVE-2020-16308 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2022-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | |||||
| CVE-2021-46822 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2022-06-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. | |||||
| CVE-2014-125025 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125023 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125022 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125021 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125019 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125018 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125005 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125007 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125006 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125004 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125002 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125003 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||