Total
11612 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21856 | 1 Gpac | 1 Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-36078 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-20284 | 2 Gnu, Netapp | 3 Binutils, Cloud Backup, Ontap Select Deploy Administration Utility | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-32537 | 1 Realtek | 1 Hda Driver | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed. | |||||
| CVE-2021-0227 | 1 Juniper | 22 Junos, Srx100, Srx110 and 19 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2; | |||||
| CVE-2021-1509 | 1 Cisco | 16 Vedge 100, Vedge 1000, Vedge 1000 Firmware and 13 more | 2024-02-28 | 8.5 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-28878 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
| CVE-2021-36077 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-1510 | 1 Cisco | 16 Vedge 100, Vedge 1000, Vedge 1000 Firmware and 13 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-32020 | 1 Amazon | 1 Freertos | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory. | |||||
| CVE-2021-21862 | 1 Gpac | 1 Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption The implementation of the parser used for the “Xtra” FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-34377 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation of privileges, information disclosure, and denial of service. | |||||
| CVE-2021-21838 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-38190 | 1 Dimforge | 1 Nalgebra | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count. | |||||
| CVE-2020-11259 | 1 Qualcomm | 52 Ar7420, Ar7420 Firmware, Ar9580 and 49 more | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-3507 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-02-28 | 3.6 LOW | 6.1 MEDIUM |
| A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. | |||||
| CVE-2021-21858 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2020-27738 | 1 Siemens | 6 Nucleus Net, Nucleus Readystart V3, Nucleus Readystart V4 and 3 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. | |||||
| CVE-2021-3598 | 3 Debian, Openexr, Redhat | 3 Debian Linux, Openexr, Enterprise Linux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | |||||
| CVE-2021-1511 | 1 Cisco | 16 Vedge 100, Vedge 1000, Vedge 1000 Firmware and 13 more | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||