Total
2430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28198 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | |||||
CVE-2021-28175 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | |||||
CVE-2021-22129 | 1 Fortinet | 1 Fortimail | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
CVE-2021-30941 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents. | |||||
CVE-2021-25149 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
CVE-2020-19716 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | |||||
CVE-2020-21682 | 1 Fig2dev Project | 1 Fig2dev | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | |||||
CVE-2021-27343 | 1 Serenityos | 1 Serenityos | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1. | |||||
CVE-2021-26805 | 1 Tsmuxer Project | 1 Tsmuxer | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. | |||||
CVE-2020-22886 | 1 Artifex | 1 Mujs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. | |||||
CVE-2021-28188 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | |||||
CVE-2021-37166 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP socket, allowing the connection to be hijacked by an external attacker. | |||||
CVE-2021-28189 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | |||||
CVE-2021-25144 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
CVE-2021-30045 | 1 Serenityos | 1 Serenityos | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. | |||||
CVE-2021-24022 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value. | |||||
CVE-2021-31663 | 1 Riot-os | 1 Riot | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. | |||||
CVE-2021-30736 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2020-19719 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). | |||||
CVE-2021-39602 | 1 Miniftpd Project | 1 Miniftpd | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service. |