Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30530 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2020-20247 | 1 Mikrotik | 1 Routeros | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable. | |||||
| CVE-2021-36077 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2020-28022 | 1 Exim | 1 Exim | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. | |||||
| CVE-2021-21853 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-0054 | 1 Intel | 154 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 151 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-32027 | 2 Postgresql, Redhat | 4 Postgresql, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-0227 | 1 Juniper | 22 Junos, Srx100, Srx110 and 19 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2; | |||||
| CVE-2021-21808 | 1 Accusoft | 1 Imagegear | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability. | |||||
| CVE-2020-36445 | 1 Project | 1 Convec | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec<T>. | |||||
| CVE-2021-20589 | 1 Mitsubishi | 12 Gs21, Gs21 Firmware, Gt21 and 9 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model communication driver versions 01.21.000 through 01.39.000, GOT SIMPLE series GS21 model communication driver versions 01.21.000 through 01.39.000, GT SoftGOT2000 versions 1.170C through 1.250L and Tension Controller LE7-40GU-L Screen package data for MODBUS/TCP V1.00 allows a remote unauthenticated attacker to stop the communication function of the products via specially crafted packets. | |||||
| CVE-2020-8703 | 3 Intel, Netapp, Siemens | 368 B150, B250, B360 and 365 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-21843 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-32537 | 1 Realtek | 1 Hda Driver | 2024-02-04 | 4.9 MEDIUM | 6.5 MEDIUM |
| Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed. | |||||
| CVE-2020-27915 | 1 Apple | 1 Mac Os X | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2021-1509 | 1 Cisco | 18 Vedge-100b, Vedge-100b Firmware, Vedge-cloud and 15 more | 2024-02-04 | 8.5 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-0004 | 2 Fedoraproject, Intel | 3 Fedora, Ethernet Controller E810, Ethernet Controller E810 Firmware | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-11258 | 1 Qualcomm | 52 Ar7420, Ar7420 Firmware, Ar9580 and 49 more | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
| Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1479 | 1 Cisco | 1 Sd-wan Vmanage | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-22438 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||