Vulnerabilities (CVE)

Filtered by CWE-1284
Total 134 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44158 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2024-02-28 7.7 HIGH 8.0 HIGH
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.
CVE-2021-21951 1 Anker 2 Eufy Homebase 2, Eufy Homebase 2 Firmware 2024-02-28 10.0 HIGH 10.0 CRITICAL
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution.
CVE-2021-21960 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2024-02-28 7.5 HIGH 10.0 CRITICAL
A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2021-1083 6 Citrix, Linux, Microsoft and 3 more 6 Hypervisor, Linux Kernel, Windows and 3 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).
CVE-2021-37674 1 Google 1 Tensorflow 2024-02-28 2.1 LOW 5.5 MEDIUM
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the `orig_input` and `orig_output` tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
CVE-2021-1081 7 Citrix, Linux, Microsoft and 4 more 7 Hypervisor, Linux Kernel, Windows and 4 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).
CVE-2021-1082 5 Citrix, Nutanix, Nvidia and 2 more 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)
CVE-2021-39193 1 Parity 1 Frontier 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch.
CVE-2021-31556 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.
CVE-2021-37677 1 Google 1 Tensorflow 2024-02-28 2.1 LOW 5.5 MEDIUM
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses `axis` to select between two different values for `minmax_rank` which is then used to retrieve tensor dimensions. However, code assumes that `axis` can be either `-1` or a value greater than `-1`, with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
CVE-2021-1058 7 Citrix, Linux, Microsoft and 4 more 7 Hypervisor, Linux Kernel, Windows and 4 more 2024-02-28 3.6 LOW 7.1 HIGH
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
CVE-2021-1062 5 Citrix, Nutanix, Nvidia and 2 more 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more 2024-02-28 3.6 LOW 7.1 HIGH
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
CVE-2008-2374 2 Bluez, Fedoraproject 3 Bluez-libs, Bluez-utils, Fedora 2024-02-28 7.5 HIGH N/A
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
CVE-2008-1440 1 Microsoft 2 Windows Server 2003, Windows Xp 2024-02-28 7.1 HIGH N/A
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."