Total
6900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28021 | 3 Debian, Fedoraproject, Stb Project | 3 Debian Linux, Fedora, Stb | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | |||||
| CVE-2021-27954 | 1 Ecobee | 2 Ecobee3 Lite, Ecobee3 Lite Firmware | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service. | |||||
| CVE-2021-27799 | 1 Zint | 1 Barcode Generator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code. | |||||
| CVE-2021-27790 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account. | |||||
| CVE-2021-27633 | 1 Sap | 1 Netweaver Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27628 | 1 Sap | 1 Netweaver As Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27488 | 3 Datakit, Luxion, Siemens | 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-27477 | 1 Jtekt | 44 2port-efr, 2port-efr Firmware, Fl\/et-t-v2h and 41 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop. | |||||
| CVE-2021-27413 | 1 Omron | 2 Cx-one, Cx-server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-27399 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27387. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12820) | |||||
| CVE-2021-27397 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287) | |||||
| CVE-2021-27390 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131) | |||||
| CVE-2021-27387 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27399. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12819) | |||||
| CVE-2021-27380 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532) | |||||
| CVE-2021-27365 | 4 Debian, Linux, Netapp and 1 more | 5 Debian Linux, Linux Kernel, Solidfire Baseboard Management Controller and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. | |||||
| CVE-2021-27271 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438. | |||||
| CVE-2021-27269 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-12390. | |||||
| CVE-2021-27253 | 1 Netgear | 84 Br200, Br200 Firmware, Br500 and 81 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303. | |||||
| CVE-2021-27242 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926. | |||||
| CVE-2021-27232 | 1 Pelco | 1 Digital Sentry Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered. | |||||