Total
95 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42780 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. | |||||
CVE-2022-23806 | 3 Debian, Golang, Netapp | 6 Debian Linux, Go, Beegfs Csi Driver and 3 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | |||||
CVE-2022-30783 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
CVE-2022-21211 | 1 Posix Project | 1 Posix | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. | |||||
CVE-2021-0107 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-34585 | 1 Codesys | 1 Codesys | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. | |||||
CVE-2021-34405 | 2 Google, Nvidia | 2 Android, Shield Experience | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service. | |||||
CVE-2022-23626 | 1 Blog Project | 1 Blog | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | |||||
CVE-2021-39643 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195573629References: N/A | |||||
CVE-2021-3911 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | |||||
CVE-2021-40401 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2024-02-04 | 6.8 MEDIUM | 8.6 HIGH |
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-31366 | 1 Juniper | 17 Junos, Mx10, Mx10003 and 14 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denial of Service (DoS) condition. Continued receipted of these PPP login request will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. | |||||
CVE-2021-28875 | 1 Rust-lang | 1 Rust | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | |||||
CVE-2021-28904 | 1 Cesnet | 1 Libyang | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. | |||||
CVE-2021-21217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
CVE-2021-21219 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
CVE-2021-29739 | 1 Ibm | 1 Planning Analytics Local | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846. | |||||
CVE-2021-29853 | 1 Ibm | 1 Planning Analytics | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. | |||||
CVE-2021-28675 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. | |||||
CVE-2021-37625 | 1 Skytable | 1 Skytable | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm. |