Total
2430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25498 | 1 Samsung | 1 Notes | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | |||||
CVE-2021-35944 | 1 Couchbase | 1 Couchbase Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. | |||||
CVE-2021-0421 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235. | |||||
CVE-2020-24824 | 1 Libelfin Project | 1 Libelfin | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). | |||||
CVE-2020-22028 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. | |||||
CVE-2021-28185 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | |||||
CVE-2020-19596 | 1 Coreftp | 1 Core Ftp | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. | |||||
CVE-2021-37165 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution. | |||||
CVE-2021-37716 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | |||||
CVE-2020-21678 | 1 Fig2dev Project | 1 Fig2dev | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. | |||||
CVE-2020-22015 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. | |||||
CVE-2021-1915 | 1 Qualcomm | 808 Apq8096au, Apq8096au Firmware, Aqt1000 and 805 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2021-29202 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
CVE-2021-31535 | 2 Fedoraproject, X.org | 3 Fedora, Libx11, X Window System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session. | |||||
CVE-2021-31661 | 1 Riot-os | 1 Riot | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. | |||||
CVE-2021-30963 | 1 Apple | 2 Mac Os X, Macos | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. | |||||
CVE-2021-34552 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Pillow | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | |||||
CVE-2020-11292 | 1 Qualcomm | 354 Apq8009, Apq8009 Firmware, Apq8009w and 351 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2021-28182 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | |||||
CVE-2021-37388 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution. |