Search
Total
6424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28384 | 1 Siemens | 1 Solid Edge | 2021-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-28386 | 1 Siemens | 1 Solid Edge | 2021-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-28385 | 1 Siemens | 1 Solid Edge | 2021-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049) | |||||
| CVE-2021-27380 | 1 Siemens | 1 Solid Edge | 2021-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532) | |||||
| CVE-2006-3897 | 1 Microsoft | 2 Internet Explorer, Windows 2000 | 2021-12-10 | 5.0 MEDIUM | N/A |
| Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property. | |||||
| CVE-2019-9075 | 4 Canonical, F5, Gnu and 1 more | 18 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 15 more | 2021-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. | |||||
| CVE-2021-39218 | 2 Bytecodealliance, Fedoraproject | 2 Wasmtime, Fedora | 2021-12-10 | 3.3 LOW | 6.3 MEDIUM |
| Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`. | |||||
| CVE-2021-44352 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. | |||||
| CVE-2021-20221 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2021-12-10 | 2.1 LOW | 6.0 MEDIUM |
| An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | |||||
| CVE-2021-21155 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21154 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21152 | 3 Fedoraproject, Google, Linux | 3 Fedora, Chrome, Linux Kernel | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21153 | 3 Fedoraproject, Google, Linux | 3 Fedora, Chrome, Linux Kernel | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-21149 | 3 Fedoraproject, Google, Linux | 3 Fedora, Chrome, Linux Kernel | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2020-14386 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2021-12-10 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-30568 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30575 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-20043 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2021-27365 | 4 Debian, Linux, Netapp and 1 more | 5 Debian Linux, Linux Kernel, Solidfire Baseboard Management Controller and 2 more | 2021-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. | |||||
| CVE-2021-36173 | 1 Fortinet | 14 Fortigate-1100e, Fortigate-200f, Fortigate-2600f and 11 more | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. | |||||
| CVE-2021-41017 | 1 Fortinet | 1 Fortiweb | 2021-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. | |||||
| CVE-2021-36194 | 1 Fortinet | 1 Fortiweb | 2021-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. | |||||
| CVE-2021-43071 | 1 Fortinet | 1 Fortiweb | 2021-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. | |||||
| CVE-2021-41027 | 1 Fortinet | 1 Fortiweb | 2021-12-09 | 4.6 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device. | |||||
| CVE-2021-37049 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects. | |||||
| CVE-2020-9144 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer. | |||||
| CVE-2021-22427 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 6.8 MEDIUM | 8.1 HIGH |
| There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass. | |||||
| CVE-2021-22414 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | |||||
| CVE-2021-37011 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 9.4 HIGH | 9.1 CRITICAL |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. | |||||
| CVE-2021-30565 | 3 Fedoraproject, Google, Linux | 4 Fedora, Chrome, Chrome Os and 1 more | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. | |||||
| CVE-2021-30566 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page. | |||||
| CVE-2021-27034 | 1 Autodesk | 1 Design Review | 2021-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code. | |||||
| CVE-2021-24041 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image. | |||||
| CVE-2021-44048 | 1 Opendesign | 1 Drawings Explorer | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-44046 | 1 Opendesign | 1 Prc Sdk | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-44045 | 1 Opendesign | 1 Drawings Sdk | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-44044 | 1 Opendesign | 1 Drawings Sdk | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-35344 | 1 Tsmuxer Project | 1 Tsmuxer | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. | |||||
| CVE-2021-35346 | 1 Tsmuxer Project | 1 Tsmuxer | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. | |||||
| CVE-2021-28237 | 1 Gnu | 1 Libredwg | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | |||||
| CVE-2019-17041 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. | |||||
| CVE-2020-0110 | 2 Google, Intel | 279 Android, Core I3-1000g1, Core I3-1000g1 Firmware and 276 more | 2021-12-06 | 4.6 MEDIUM | 7.8 HIGH |
| In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel | |||||
| CVE-2020-6361 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6360 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6359 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6358 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-20305 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Active Iq Unified Manager and 3 more | 2021-12-06 | 6.8 MEDIUM | 8.1 HIGH |
| A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-6357 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6356 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6355 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||