Total
2593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42728 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | |||||
| CVE-2021-42716 | 2 Fedoraproject, Nothings | 2 Fedora, Stb Image.h | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location. | |||||
| CVE-2021-42687 | 1 Accops | 1 Hyworks Windows Client | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42683 | 1 Accops | 1 Hyworks Windows Client | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42681 | 1 Accops | 1 Hyworks Dvm Tools | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42624 | 1 Miniftpd Project | 1 Miniftpd | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. | |||||
| CVE-2021-42553 | 1 St | 1 Stm32 Mw Usb Host | 2024-11-21 | N/A | 6.8 MEDIUM |
| A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. | |||||
| CVE-2021-41794 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer. | |||||
| CVE-2021-41751 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021. | |||||
| CVE-2021-41499 | 1 Pyo Project | 1 Pyo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name. | |||||
| CVE-2021-41498 | 1 Pyo Project | 1 Pyo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name. | |||||
| CVE-2021-41496 | 1 Numpy | 1 Numpy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally) | |||||
| CVE-2021-41413 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. | |||||
| CVE-2021-41054 | 2 Atftp Project, Debian | 2 Atftp, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. | |||||
| CVE-2021-40818 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration. | |||||
| CVE-2021-40709 | 3 Adobe, Apple, Microsoft | 4 Photoshop 2020, Photoshop 2021, Macos and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40568 | 1 Gpac | 1 Gpac | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | |||||
| CVE-2021-40284 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request. | |||||
| CVE-2021-40241 | 1 Xfig Project | 1 Xfig | 2024-11-21 | N/A | 9.8 CRITICAL |
| xfig 3.2.7 is vulnerable to Buffer Overflow. | |||||
| CVE-2021-40239 | 1 Miniftpd Project | 1 Miniftpd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c | |||||