Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39377 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2024-02-28 | N/A | 7.8 HIGH |
| sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | |||||
| CVE-2022-26474 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. | |||||
| CVE-2022-2520 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-02-28 | N/A | 6.5 MEDIUM |
| A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. | |||||
| CVE-2021-35134 | 1 Qualcomm | 59 Qca6391, Qca6391 Firmware, Qcm6490 and 56 more | 2024-02-28 | N/A | 8.4 HIGH |
| Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-4155 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
| A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | |||||
| CVE-2021-38435 | 1 Rti | 2 Connext Dds Professional, Connext Dds Secure | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. | |||||
| CVE-2021-40048 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2021-38423 | 1 Gurum | 1 Gurumdds | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. | |||||
| CVE-2021-40052 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2021-44510 | 1 Fisglobal | 1 Gt.m | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. | |||||
| CVE-2022-22137 | 1 Accusoft | 1 Imagegear | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-4206 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-02-28 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
| CVE-2021-40526 | 1 Onepeloton | 2 Ttr01, Ttr01 Firmware | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike | |||||
| CVE-2021-22415 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code. | |||||
| CVE-2020-36475 | 3 Arm, Debian, Siemens | 14 Mbed Tls, Debian Linux, Logo\! Cmr2020 and 11 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs. | |||||
| CVE-2020-11240 | 1 Qualcomm | 686 Apq8009w, Apq8009w Firmware, Apq8017 and 683 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-29521 | 1 Google | 1 Tensorflow | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a segmentation fault being thrown out from the standard library as `std::vector` invariants are broken. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/count_ops.cc#L199-L213) assumes the first element of the dense shape is always positive and uses it to initialize a `BatchedMap<T>` (i.e., `std::vector<absl::flat_hash_map<int64,T>>`(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/count_ops.cc#L27)) data structure. If the `shape` tensor has more than one element, `num_batches` is the first value in `shape`. Ensuring that the `dense_shape` argument is a valid tensor shape (that is, all elements are non-negative) solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3. | |||||
| CVE-2021-22391 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | |||||
| CVE-2021-29608 | 1 Google | 1 Tensorflow | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an undefined behavior if input arguments are empty. The implementation(https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple `DCHECK` validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-22392 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses. | |||||