Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36068 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-36076 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2020-36446 | 1 Signal-simple Project | 1 Signal-simple | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel<T>. | |||||
| CVE-2021-22705 | 1 Schneider-electric | 9 Ecostruxure Machine Expert, Harmony Gk, Harmony Gto and 6 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert | |||||
| CVE-2020-11288 | 1 Qualcomm | 636 Aqt1000, Aqt1000 Firmware, Ar8031 and 633 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2020-36442 | 1 Beef Project | 1 Beef | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait. | |||||
| CVE-2021-36754 | 1 Powerdns | 1 Authoritative Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception. | |||||
| CVE-2021-1890 | 1 Qualcomm | 316 Apq8017, Apq8017 Firmware, Apq8037 and 313 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-25217 | 5 Debian, Fedoraproject, Isc and 2 more | 26 Debian Linux, Fedora, Dhcp and 23 more | 2024-02-04 | 3.3 LOW | 7.4 HIGH |
| In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. | |||||
| CVE-2020-36437 | 1 Conqueue Project | 1 Conqueue | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender<T>. | |||||
| CVE-2021-20019 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | |||||
| CVE-2021-0607 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180950209 | |||||
| CVE-2021-22350 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart. | |||||
| CVE-2020-20267 | 1 Mikrotik | 1 Routeros | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. | |||||
| CVE-2021-22761 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. | |||||
| CVE-2021-21840 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2020-36441 | 1 Abox Project | 1 Abox | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox<T> with no requirement for T: Send and T: Sync. | |||||
| CVE-2021-28878 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
| CVE-2021-28877 | 1 Rust-lang | 1 Rust | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
| CVE-2021-22789 | 1 Schneider-electric | 49 Modicon M340 Bmxp341000, Modicon M340 Bmxp342010, Modicon M340 Bmxp342020 and 46 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). | |||||