Total
11965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9101 | 1 Lame Project | 1 Lame | 2021-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||||
| CVE-2015-8620 | 1 Avast | 4 Avast Free Antivirus, Avast Internet Security, Avast Premier and 1 more | 2021-03-26 | 7.2 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. | |||||
| CVE-2020-11305 | 1 Qualcomm | 40 Apq8009, Apq8009 Firmware, Apq8053 and 37 more | 2021-03-25 | 4.6 MEDIUM | 6.8 MEDIUM |
| Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | |||||
| CVE-2017-8826 | 1 Faststone | 1 Image Viewer | 2021-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. | |||||
| CVE-2017-8785 | 1 Faststone | 1 Image Viewer | 2021-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 6.2 has a "Data from Faulting Address may be used as a return value" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. | |||||
| CVE-2017-12424 | 2 Debian, Shadow Project | 2 Debian Linux, Shadow | 2021-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. | |||||
| CVE-2021-22710 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-18 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-1899 | 1 Facebook | 1 Hhvm | 2021-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2021-22711 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-17 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to missing validation of input data. | |||||
| CVE-2021-22709 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-17 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2021-22712 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-17 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address. | |||||
| CVE-2018-13381 | 1 Fortinet | 2 Fortios, Fortiproxy | 2021-03-16 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | |||||
| CVE-2021-21118 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-15 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-28036 | 1 Quinn Project | 1 Quinn | 2021-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | |||||
| CVE-2016-10093 | 1 Libtiff | 1 Libtiff | 2021-03-05 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-10092 | 1 Libtiff | 1 Libtiff | 2021-03-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image. | |||||
| CVE-2020-25690 | 1 Fontforge | 1 Fontforge | 2021-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-21140 | 2 Google, Microsoft | 2 Chrome, Edge | 2021-02-25 | 4.6 MEDIUM | 6.8 MEDIUM |
| Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. | |||||
| CVE-2021-27376 | 1 Nb-connect Project | 1 Nb-connect | 2021-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | |||||
| CVE-2016-2148 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2021-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | |||||